Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
bioDan56224yWTF are they butthurting about? You were doing your job, you didnt take any decision, you just did what they told you. How can they be so blind to that? Do they really need you to quote them or post a screenshot?
-
He probably agreed bc hes too stupid to understand the strategy and wanted to nod. It sounds like a dead obvious issue to me and I’m not a security guru...actually my security knowledge sucks balls. Imagine getting hacked and watching the company crash bc some corporate asshole didn’t take advice from a “lowly peon” like us. Fuck, these people you work with will suffer in other companies where you actually have to be good
-
Simple. Send them email headed "severe risk found/potential data breach" and explian the problem there.
They ignore. Nothing happens. all good.
They ignore. Shit hits the fan. You have an email to cover your ass. All good.
They don't ignore. Shit gets fixed. All good.
Thats about it.You did yoir job, they fucked up. -
jeeper58094yWhere you fucked up is you didn’t stroke their ego all the way along while reporting the problem.
/s kinda. Sometimes it takes some awful brown nosing to get something important done. -
Root797674y@jeeper They literally agreed to it in the meeting the previous week, and like five messages above in the channel where they yelled at me. Unless their screens were tiny, their messages saying we should do the thing we’re still on their screens while telling me I can’t make the decision to do the thing.
@magicMirror It’s all documented in Slack and on the release Audit ticket in Jira with a link to the fix task.
@jeeper Pm you’re probably right. I really feel like the cool kids club at work are all stern on these things, parrot one another, and demand everyone else follow better practices — and that this maintains their position as a cool kid. But as soon as someone else says these same things on their own, they’re kicked off the tree house ladder and banned from ever climbing it again. -
This sounds like they have a gender issue. They’re probably men who feel knocked off their pedestal when hearing good suggestions from a woman. Suggestions they couldn’t muster themselves. I say this as a male myself, btw. They’re probably sexists and racists pretending to be civil rights gurus for hugs kisses and social media gold
-
VP: You are in total and complete charge
Also VP: FUCK YOU BITCH UR NOT IN CHARGE HAHAAA
Gotta love this type of people who don’t stand by their words. This is cowardice and mistrust.
Related Rants
Example #1 of ??? Explaining why I dislike my coworkers.
[Legend]
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.
Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.
Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.
Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.
Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!
Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?
But nooo, I’m overstepping my boundaries by doing my job.
Fucking hell I hate dealing with these people.
rant
security
it’s a great idea until root says it
idiots