18
epse
2y

Today in horror stories: setting up the local dev environment for a project I'm taking over creates changes and notifications in prod.

Oh and my local dev env is somehow receiving data from actual patients. I don't know how.

Comments
  • 7
    Check your tokens again: run your env without internet and see what breaks, that service might be connected to prod.
  • 3
    I really hope you're not in the EU, otherwise that's a serious horror story that won't end well for anyone.
  • 5
    @cmarshall10450 oh I am

    I so very much am

    I do not wish to know exactly where this data came from, but I informed whoever needs to be informed and we'll see what happens

    To ease everyone's mind just a tiny bit, we don't store who the data came from, just what device, a random id and which doctor is responsible for it. Their doctor should be the only one who can link data to a person
  • 11
    @melezorus34 apparently, the system just simply does not care what you put in its config files, it has Firebase, cloud push, datastream credentials hardcoded and will use those over the config.

    Why has nobody heard of documentation here and why did I only find out because users started reporting seeing my "work you shit" push messages on their devices?
  • 3
    @epse oh no. OH GOD, HAHAHAHA
  • 1
    💩
  • 2
    @epse please be very careful with that. Even if it's just a doctor that's what can match back a patient, it's still personal information.
  • 1
    @cmarshall10450 yeah I am, but when I can't know it's coming, it's kinda hard
  • 4
    @epse I can fully understand that but I've been in similar situations before and just trying to look out for you. If there is any investigation into what happened with the data, you'll be asked how long you kept the data for, if you reported it to anyone, if you did report it, how long it took you to report it, how many patients were impacted and exactly who else had access to that data.

    Not knowing that it was going to come isn't an excuse for disregarding it and not reporting it. I'm not saying you were to blame for it but reporting it protects yourself.

    Medical data is treated as especially sensitive in the EU so a lot of questions should be asked.

    If it was my medical data that you were getting, I'd be really wanting to know why that was leaked to you.