Search - "compliance"
-
Each month my department compiles a 4M row 150 column data table for compliance with a federal agency. Before submitting, we check it against about 400 rules.
The existing system was simply 400 queries that ran in sequence, table-scanning 4M rows each time, taking upwards of 6 hours, which is a huge bottleneck, especially if you have to make changes and rerun. Plus the output was rather one-dimensional.
I built a proper normalized database and created a sort of rules engine, running all 400 rules in one table scan. Not only does it complete in 30 minutes, but the reports generate automatically, and the results can be filtered on several dimensions to aid with root-cause analysis.
Management was pleased.
-
Also a big “fuck you” to whoever decided under any circumstance holding the power button down on a computer case meant anything other than shut this mother fucker all the way down and try the fuck again.
Gahhh. When I hold the power button I don’t want you to sleep, I want you to die! I’m electronically smothering your bitch ass. When I’m holding down the power button to restart, the computer should feel like it’s being waterboarded! Like these may be its last moments on Earth if it doesn’t act right and get in compliance! No it’s not nap time, it’s time to shut up or shut down...forever!
-
In a user-interface design meeting over a regulatory compliance implementation:
User: “We’ll need to input a city.”
Dev: “Should we validate that city against the state, zip code, and country?”
User: “You are going to make me enter all that data? Ugh…then make it a drop-down. I select the city and the state, zip code auto-fill. I don’t want to make a mistake typing any of that data in.”
Me: “I don’t think a drop-down of every city in the US is feasible.”
Manager: “Why? There cannot be that many. Drop-down is fine. What about the button? We have a few icons to choose from…”
Me: “Uh..yea…there are thousands of cities in the US. Way too much data for anyone to realistically scroll through”
Dev: “They won’t have to scroll, I’ll filter the list when they start typing.”
Me: “That’s not really the issue and if they are typing the city anyway, just let them type it in.”
User: “What if I mistype Ch1cago? We could inadvertently be out of compliance. The system should never open the company up for federal lawsuits”
Me: “If we’re hiring individuals responsible for legal compliance who can’t spell Chicago, we should be sued by the federal government. We should validate the data the best we can, but it is ultimately your department’s responsibility for data accuracy.”
Manager: “Now now…it’s all our responsibility. What is wrong with a few thousand item drop-down?”
Me: “Um, memory, network bandwidth, database storage, who maintains this list of cities? A lot of time and resources could be saved by simply paying attention.”
Manager: “Memory? Well, memory is cheap. If the workstation needs more memory, we’ll add more”
Dev: “Creating a drop-down is easy and selecting thousands of rows from the database should be fast enough. If the selection is slow, I’ll put it in a thread.”
DBA: “Table won’t be that big and won’t take up much disk space. We’ll need to set up stored procedures, and data import jobs from somewhere to maintain the data. New cities, name changes, etc.”
Manager: “And if the network starts becoming too slow, we’ll have the Networking dept. open up the valves.”
Me: “Am I the only one seeing all the moving parts we’re introducing just to keep someone from misspelling ‘Chicago’? I’ll admit I’m wrong or maybe I’m not looking at the problem correctly. The point of redesigning the compliance system is to make it simpler, not more complex.”
Manager: “I’m missing the point to why we’re still talking about this. Decision has been made. Drop-down of all cities in the US. Moving on to the button’s icon ..”
Me: “Where is the list of cities going to come from?”
<few seconds of silence>
Dev: “Post office I guess.”
Me: “You guess?…OK…Who is going to manage this list of cities? The manager responsible for regulations?”
User: “Thousands of cities? Oh no …no one in our area has time for that. The system should do it”
Me: “OK, the system. That falls on the DBA. Are you going to be responsible for keeping the data accurate? What is going to audit the cities to make sure the names are properly named and associated with the correct state?”
DBA: “Uh..I don’t know…um…I can set up a job to run every night”
Me: “A job to do what? Validate the data against what?”
Manager: “Do you have a point? No one said it would be easy and all of those details can be answered later.”
Me: “Almost done, and this should be easy. How many cities do we currently have to maintain compliance?”
User: “Maybe 4 or 5. Not many. Regulations are mostly on a state level.”
Me: “When was the last time we created a new city compliance?”
User: “Maybe, 8 years ago. It was before I started.”
Me: “So we’re creating all this complexity for data that, realistically, probably won’t ever change?”
User: “Oh crap, you’re right. What the hell was I thinking…Scratch the drop-down idea. I doubt we’ll have a new city regulation anytime soon and how hard is it to type in a city?”
Manager: “OK, are we done wasting everyone’s time on this? No drop-down of cities...next …Let’s get back to the button’s icon …”
Simplicity 1, complexity 0.
-
Been lurking here for a while. Finally pissed off enough to post.
Been programming in Ada for nearly a decade now. One of the few younger devs who knows the language well. Have a large collection of libraries and tools written in it, open source. Done contract work. Looking to get out of my current line of work, which is medicine, because fuck this recent legal climate. I'm spending all my time dealing with legal compliance and it rapidly changing.
I see a job posting from a company looking for a programmer to mostly write testing stuff for clients. They mostly work with Ada. I've written a whole unit testing and integration testing framework. Perfect. Apply. "You don't have the required skills." Oh... K then.
Wanna guess what I was just offered as contract work. Same company. I guess I'm fucking qualified if you asswipes sought me out to ask me to fix your fucking bullshit.
What the hell is wrong with management and HR in recent years?
-
Got bored at work today and tried to write a program to do my job for me. Security and compliance saw it in the logs (trying to run unauthorized program) and came to give me a hug.
-
Manager: How come the push to prod didn’t happen?
Dev: We told you at the scrum yesterday. To reiterate, our dev environment was crashing so it’s not safe to push to prod until that is fixed.
Manager: Ok well let’s set a goal to fix that and push to prod happens today so that it guaranteed happens.
Dev: That was our goal yesterday and it definitely didn’t happen.
Manager: I AM AWARE OF THAT. The corrective action is that this time compliance with the goal is 100% ABSOLUTELY MANDATORY!!
Dev: We’ll do our best, can’t guarantee anything until we figure out the nature of what is occurring on dev though.
Manager: NO. I AM THE BOSS. YOU WILL 100% ABSOLUTELY COMPLY WITH THIS. THAT IS AN ORDER. YOU WILL SUCCESSFULLY GET THIS UPDATE OUT TO PROD TODAY. ANYTHING LESS THAN THAT SHALL BE CONSIDERED INSUBORDINATION. I WANT STATUS UPDATES EVERY 15 MINUTES ON WHERE WE ARE AT WITH THIS.
Dev: …
Dev: Can I get you to send me that request in an email?
*Manager leaves the meeting*
// *****************************
Job search is ticking along. It’s tough going though because I currently make ~120k and the best offers I’ve received so far are all ~70k because “You only have 2 years experience so you couldn’t possibly have the skills to be worth 120k. You are a junior level developer and 70K is already overpaying for you. We can pay you more later™. No we will not give you that in writing”. Ah well, the hunt continues.
-
My CTO told the COO and CEO I'd be finished SOC2 compliance by the end of December... On December 14th.
It takes 3 months to do the audit, let alone all the actual work. I hadn't even started yet.
He was fired shortly after that.
-
That'd be Linux for sure. I love how it allows its operator to do anything they please, without any lockdown or nannying. How I own the piece of software (given copyright compliance of course), rather than being just (temporarily) licensed to use it. How I can customize it into whatever shape I want. How it allows pretty much anyone to contribute. And redistribution! Yes, the hundreds if not thousands of distributions and appliances that use it! Simply amazing.
-
Good news everyone. As of 30th June 2018, PCI compliance demands a minimum of TLS v1.1. Meaning it's illegal for your website to support IE6-10
-
I fucking hate toxic positivity. Every fucking corporation pushes the notion that "lifE iS aWeSomE, wE cArE abOuT pEoPle" and other such bullshit, and when you point it out, they call you a bad, toxic person.
No, you don't care about your community, let alone the whole world. You're just trying to make people believe that spyware, wage slavery and being fired by a neural network is the norm. You're making money off of those who don't have a choice.
If you account for all people, not just American white rich 1%, it turns out that for the vast majority of people life is either an uphill battle or straight up nightmare. People are working in shifts and have no time or emotional resource to spend on themselves. Most of the people can't afford a house or a flat. Even those who can still suffer from mental illnesses, to the point where there are more mentally challenged people than mentally healthy ones. The word "neurotypical" meaning "mentally healthy" is wrong.
You want nothing but to sell your stuff and earn more money off of Chinese and Indian factory workers who work 16-hour shifts. Maybe your life is great, but aggressively pushing this notion is a big, wet spit in the face of humanity.
Fuck you. Fuck your space rockets. Fuck your twitter accounts. Fuck your institutionalized exploitation of the weak. Fuck your products. Fuck your "open source". Fuck your "GDPR compliance". Fuck your offshores, your hedge funds and your tax evasion. Fuck your bailouts. Fuck your ships spilling tons of crude oil, fuck your factories, fuck your slave labor, fuck your anti-suicide nets in Chinese dormitories.
One day, because of you, our planet will become unlivable. You will hop into your fancy space rocket to go to that top-1% elite Mars colony. Nice job.
But I will pray for a solar flare to hit you and turn you and your fucking rocket into radioactive ash.
-
I just almost shat myself.
I altered the wrong database table column...truncated data we are required to keep for government compliance.
Luckily I had exported that table earlier today and was able to recover it all. I'm in need of a very strong drink right about now.
-
Hi Dev Ranter,
My name is John Smith and I came accross to your resume on Linked In and I was very impressed. Would you be interested in a 5 min call?
Job Details:
Required skills (all expert levels): C#, JAVA, Clojure, C, PHP, Frontend, Backend, Agile, MVP, Baking, Redis, Apache, IIS, RoR, Angular, React, Vue, MySQL, MSSIS, MSSQL, ORACLE, PostgreSQL, Access, Python, Machine Learning, HTML, CSS, Fortran, C++, Game design, Book writing, PCI - Compliance
Salary: $15/Hours no benefits
Duration: 2 Months (possible extension, plus we can fire you at will)
Place: Remote (with work tracking software)
Hours: 5am - 1pm, 6pm - 11pm
Expect to work on weekends
You will be managing people as well as building applications that had to be running as of yesterday. Team culture is very toxic and no one cares about you.
We care about you though (as long as you deliver)
Looking forward to talk to you.
John Smith
Founder, CEO, Director of Staffing, Entrepeneur
Tech Staffers LLC ( link to a PNG posted on facebook)
Est. 2020
-
If Corona Virus, were to make a CV, it would make an interesting read:
1. Responsible for Global Digital Transformation.
2. Reduction of Global CO2 emission and Greenhouse gasses.
3. Global Hygiene initiatives: Ensured 100% compliance on washing hands and body bath.
4. Made industry shift to WFH - saved exposure and costs.
5. Reduction in noise pollution by making everyone keep their mouth shut (masked).
6. Taught cooking, vegetable shopping, housekeeping to many,
7. Provided ample time to all egoistic and self centered people, to contemplate on their mortal nature.
8. Provided a big boost to the Pharma sector and brought back small utility stores back into the limelight.
9. Highlighted the importance of governance, adaptability and long term planning, by all sectors.
Corona’s CV seems superior to many 😉
-
Once a CEO is 24*7 a CEO. For me it's Chief Experiment Officer
And only dreamers can have that title. One who dreams at night and work it out the following day.
Having a startup is much more than just having an idea
It's about revenue,
It's about value,
It's about team,
It's about impact,
It's about growth,
It's about compliance,
It's about being finance, marketing, HR and tech expert at the same time.
It's about respect the supporters,
At the end it's about the money you earn as an individual.
For playing all the above roles, you need to dream real big.
To me startup is about falling in love with your work first.
-
By an Indian CEO
-
me: the source code is currently stored on GitHub and we use GitHub Actions after each update to compile your code into binary before deploying to your servers
client: storing source code on GitHub (external server) is insecure and breaks compliance
me: so I guess you will need to have a copy of the source code on all your servers and build them directly there (too cheap to have a separate build server) instead of using GitHub Actions
client: yeah
me: keep in mind that all your certificates and tokens are going to be stored as plain text in all your servers so if a hacker gains access to any one of your servers, they will have access to everything.
client: yeah, this is in compliance to our security policy
-
Requested an installer for Photoshop for my personal laptop...bcoz of compliance n licensing issue..they gave me company macbook air instead... Ok no problem 😁
-
You know GDPR compliance is going to create a whole new form of scam where scammers impersonate users and send data requests to companies to get people's info.
-
In the before time (late 90s) I worked for a company that worked for a company that worked for a company that provided software engineering services for NRC regulatory compliance. Fallout radius simulation, security access and checks, operational reporting, that sort of thing. Given that, I spent a lot of time around/at/in nuclear reactors.
One day, we're working on this system that uses RFID (before it was cool) and various physical sensors to do a few things, one of which is to determine if people exist at the intersection of hazardous particles, gasses, etc.
This also happens to be a system which, at that moment, is reporting hazardous conditions and people at the top of the outer containment shell. We know this is probably a red herring or faulty sensor because no one is present in the system vs the access logs and cameras, but we have to check anyways. A few building engineers climb the ladders up there and find that nothing is really visibly wrong and we have an all clear. They did not however know how to check the sensor.
Enter me, the only person from our firm on site that day. So in the next few minutes I am also in a monkey suit (bc protocol), climbing a 150 foot ladder that leads to another 150 foot ladder, all 110lbs of me + a 30lb diag "laptop" slung over my shoulder by a strap. At the top, I walk about a quarter of the way out, open the casing on the sensor module and find that someone had hooked up the line feed, but not the activity connection wire so it was sending a false signal. I open the diag laptop, plug it into the unit, write a simple firmware extension to intermediate the condition, flash, reload. I verify the error has cleared and an appropriate message was sent to the diagnostic system over the radio, run through an error test cycle, radio again, close it up. Once I returned to the ground, sweating my ass off, I also send a not at all passive aggressive email letting the boss know that the next shift will need to push the update to the other 600 air-gapped, unidirectional sensors around the facility.
-
So I just had this job interview with a "startup" (side note: who the fuck still calls limping companies "startups" in 2024? That is sooooo 2010s).
There was this tattooed and very pale girl (you just know the vibe), the mandatory Norse bearded tall guy and the balding, "I'm-in-my-fifties-but-I-am-not-a-square, maaan" sleazy-looking white guy in a button up shirt but no suit jacket. The whole stereotypes gang came looking for their missing nerdy Indian.
The sleazy bloke goes on and on on a looong tirade on how they're "a tech innovation academy", how they "move fast and break things" and they "run smoking hot", so that "long nights are to be expected".
So, the usual red-flagging shit.
Then they all went on a "but we're not like all those companies that look exactly like us" word salad about "sustainability and a healthy work life balance", with their "highest value" being "the utmost respect at all times". I'm nodding my head at the meaningless splurge until they fart out the sentence "for example, cussing while talking with colleagues is a fireable offence".
If some hustling enterprise rather prefers a posh working environment, one can adapt to such circumstances. Provided, of course, that said enterprise adheres to the administrative coherence expected from a culturally refined institution. Mostly by compliance, from the leadership, to a rigidly predictable working schedule.
Now, if the bloody curs want coder dogs that work assfucking hours with a shit eating grin, they better swallow our fucking sailor mouths. Fuck, I've done twenty hour shifts getting my ass kicked in dark startup fisting/rush rooms. If unable to yell at any blabbering cocksucker to go stick his fucking opinions up the bitch who crapped him, then I ain't gonna bloody be there.
TL;DR they can either have a "utmost respect" working environment XOR a "fast and hot" daily hustle.
After they crapped out that oxymoron I could barely hold myself to avoid saying "sorry, I do not partake in any of the psychedelics you must be on".
On to the next interviews!
-
Me: API support, please check why I'm getting ECONNTIMEDOUT for 3% of requests
supp: before we look into this, please answer these questions: a), b), c), d), e)
Me and colleague: *spend 20 minutes gathering all the details into a nice answer. Post the answers*
Slack bot: *removes the answer [allegedly for compliance/security]*
api supp: any update?
..... I really want to smash smth. Hulk SMASH!!!
-
Most ignorant ask from a PM or client?
Migrated to SharePoint 2016 which included Reporting Services, and trying to fix a bug in the reporting services scheduler, I created a report (aka, copied an existing one) 'A Klingon Walks Into a Bar', so it would be first in the list and distinct enough so the QA testers would (hopefully) leave it alone.
The PM for the project calls me.
PM: "What is this Klingon report? It looks like a copy of the daily inventory report"
Me: "It is. The reporting service job keeps crashing on certain reports that have daily execution schedules."
PM: "I need you to delete it"
Me: "What? Why? The report is on the dev sharepoint site. I named the report so it was unique and be at the top of the list so I can find it easily."
PM: "The name doesn't conform to our standards and it's confusing the testers."
Me: "The testers? You mean Dan, you, and Heather?"
PM: "Yes, smartass. Can you name the report something like daily inventory report 2, or something else?"
Me: "I could, but since this is in development, no. You've already proofed out the upgrade. You're waiting on me to fix this sharepoint bug. Why do you care what I do on this server? It's going away after the upgrade."
PM: "Yea, about that. We like having the server. It gives us a place to test reports. Would really appreciate it if you would rename or delete that report."
Me: "A test sharepoint reporting services server is out of scope, so no, we're not keeping it."
PM: "Having a server just for us would be nice."
Me: "$10,000 nice? We're kinda fudging on the licensing now. If we're keeping it, we will be required to be in compliance. That's a server license, sharepoint license, sql server license, and the dedicated hardware. We talked about that, remember?"
PM: "Why is keeping that report so important to you? I don't want to explain to a VP what a Klingon is."
Me: "I'm not keeping the report or moving it to production. When I figure out the problem, I'll delete the report. OK?"
PM: "I would prefer you delete the report before a VP sees it."
Me: "Why would a VP be looking? They probably have better things to do."
PM: "Jeff wants to see our progress, I'll have to him the site, and he'll see the report."
Me: "OK? You tell Jeff it's a report I'm working on, I'll explain what a Klingon is, Jeff will call me a nerd, and we all move on."
PM: "I'm not comfortable with this upgrade."
Me: "What does that mean?"
PM: "I asked for something simple and I can't be responsible for the consequences. I'll be documenting this situation as a 'no-go' for deployment"
Me: "Oookaayyy?"
I figured out the bug, deleted the 'Klingon' report, and the PM couldn't do anything to delay the deployment.
-
Am I the only one who doesn't judge a programmer's contributions by commits or change history?
Frequently I'm always near the bottom of contributors, because I don't make a million commits when it's broken. And I don't commit lines that will likely disappear in later commits. I like to finish a function, test it, check it, rework, and then make a "made function()" commit, as opposed to:
"Wrote function()"
"Wrote unit tests for function()"
"Fixed error"
"Code cleanup"
"Style guide compliance"
"Reworked function()"
etc.
Sorry that I keep my commit history clean and ensure it builds.
-
My company just acquired another company from some losers.
Gotta load their pittance database onto our thing.
Their entire "Technology Department" is one old fart.
One even older fart runs their accounting.
I asked the IT boomer for their accounting data.
He tells me to get the head accountant.
The head accountant says they do not have any historical accounting data.
I threaten to call the (equivalent of the) IRS on them.
They give up, admit that they do have some historical data. But they attempt to pull a "malicious compliance" on me, send me a pallet full of old receipts, on paper.
I do what I have done one hundred times before, I go to the closest community college (equivalent) and ask/bribe a teacher to offer the most trustworthy kids some pretty pennies to scan all those files for me.
A dozen of them barely took a week to do it using their not-so-bad camera phones.
It all for about the same price as a couple of older-but-still-good iPhones.
Then it's on to some simple OCR and data normalization tasks.
This morning I had another meeting with the losers, the first since I told them their "data" had just arrived in the mail (but a couple weeks after that). They log in for the meeting all smug, thinking we would ask for more time to load their data, and it would be my team's fault for any delays.
Then the regional business evaluator logs in and said he reviewed their financials yesterday and we have a lot to talk about.
I will remember their "just got punched in the gut" faces forever :)
-
So there is a WP plugin for GDPR conformity. True to form of the shitty WP plugin ecosystem, it has a major security hole that allows taking over the WP installation:
https://wordfence.com/blog/2018/...
-
Data Disinformation: the Next Big Problem
Automatic code generation LLMs like ChatGPT are capable of producing SQL snippets. Regardless of quality, those are capable of retrieving data (from prepared datasets) based on user prompts.
That data may, however, be garbage. This will lead to garbage decisions by lowly literate stakeholders.
Like with network neutrality and pii/psi ownership, we must act now to avoid yet another calamity.
Imagine a scenario where a middle-manager level illiterate barks some prompts to the corporate AI and it writes and runs an SQL query in company databases.
The AI outputs some interactive charts that show that the average worker spends 92.4 minutes on lunch daily.
The middle manager gets furious and enacts an Orwellian policy of facial recognition punch clock in the office.
Two months and millions of dollars in contractors later, and the middle manager checks the same prompt again... and the average lunch time is now 107.2 minutes!
Finally the middle manager gets a literate person to check the data... and the piece of shit SQL behind the number is sourcing from the "off-site scheduled meetings" database.
Why? because the dataset that does have the data for lunch breaks is labeled "labour board compliance 3", and the LLM thought that the metadata for the wrong dataset better matched the user's prompt.
This, given the very real world scenario of mislabeled data and LLMs' inability to understand what they are saying or accessing, and the average manager's complete data illiteracy, we might have to wrangle some actions to prepare for this type of tomfoolery.
I don't think that access restriction will save our souls here, decision-flumberers usually have the authority to overrule RACI/ACL restrictions anyway.
Making "data analysis" an AI-GMO-Free zone is laughable, that is simply not how the tech market works. Auto tools are coming to make our jobs harder and less productive, tech people!
I thought about detecting new automation-enhanced data access and visualization, and enacting awareness policies. But it would be of poor help, after a shithead middle manager gets hooked on a surreal indicator value it is nigh impossible to yank them out of it.
Gotta get this snowball rolling, we must have some idea of future AI housetraining best practices if we are to avoid a complete social-media style meltdown of data-driven processes.
Someone cares to pitch in?
-
Whelp. I started making a very simple website with a single-page design, which I intended to use for managing my own personal knowledge on a particular subject matter, with some basic categorization features and a simple rich text editor for entering data. Partly as an exercise in web development, and partly due to not being happy with existing options out there. All was going well...
...and then feature creep happened. Now I have implemented support for multiple users with different access levels; user profiles; encrypted login system (and encrypted cookies that contain no sensitive data lol) and session handling according to (perceived) best practices; secure password recovery; user-management interface for admins; public, private and group-based sections with multiple categories and posts in each category that can be sorted by sort order value or drag and drop; custom user-created groups where they can give other users access to their sections; notifications; context menus for everything; post & user flagging system, moderation queue and support system; post revisions with comparison between different revisions; support for mobile devices and touch/swipe gestures to open/close menus or navigate between posts; easily extendible css themes with two different dark themes and one ugly as heck light theme; lazy loading of images in posts that won't load until you actually open them; auto-saving of posts in case of browser crash or accidental navigation away from page; plus various other small stuff like syntax highlighting for code, internal post linking, favouriting of posts, free-text filter, no-javascript mode, invitation system, secure (yeah right) image uploading, post-locking...
On my TODO-list: Comment and/or upvote system, spoiler tag, GDPR compliance (if I ever launch it haha), data-limits, a simple user action log for admins/moderators, overall improved security measures, refactor various controllers, clean up the code...
It STILL uses a single-page design, and the amount of feature requests (and bugs) added to my Trello board increases exponentially with every passing week. No other living person has seen the website yet, and at the pace I'm going, humanity will have gone through at least one major extinction event before I consider it "done" enough to show anyone.
help
-
Got my first legit side-gig as a developer (like had to write an SOW and everything): my kids' pediatrician is amazing, but she's switching to a concierge practice, meaning she won't take any insurance, and she's going from about 1500 patients down to about 200. I already pay my mortgage-worth in insurance on a monthly basis, so we were prepared to say adios to her. At my daughter's last appointment, she pulled me aside and said "what can we do to keep you guys as patients?" and I somewhat jokingly suggested "I dunno, need any websites written?"
As a matter of fact, she did: she just fired her practice's web developer, who gave her a shitty wordpress site and fought like hell to avoid any further maintenance or updates for her. She hates the site's current layout (no surprise there) so she is basically giving me full control over a rewrite.
No user logins, no worries about compliance with PII or any of that. Literally just turning a brochure wordpress site into an angular app, hosting it on her own server and eventually building an admin page where she can change the banner text and upload new images.
And my kids will get free, top-notch health care.
-
Excuse me?!
You called me to encode this compliance document?
And I'll take care of the contents?
Just follow the format?
And must be submitted to central office/agency? Deadline is today?
Wait, do you know what time is it? It's fvcking 11:40AM PHT and office is only until 5PM.
I'm an IT guy. Your only developer, sysad, and you want me to do a management document? Am I regular like you? Wait, is that even a technical document? Wtf!
I was in the middle of coding and checking our server status when this high-rank employee from the Admin office called me and was told to do this compliance document that has nothing to do with me or even our IT unit. So yeah, this is how crazy some government office work here in PH.
-
Today is Day Two of my Dev Ops Internship.
The only tasks I have been assigned today is GDPR compliance training, which I did not realize could be stretched out into so much repetitive detail.
I also sat in a meeting with a dev who committed his artifact builds to git and now needs us to remove them for him.
Also, I keep getting called Dylan. My name is not Dylan.
-
Why isn't this ready for testing yet?
Could it be that despite multiple meetings emails and face to face conversations none of you have provided me with what I actually need?
Yes I can create you new email and SMS campaigns. But I need two little things first.
1 The template text.
2 The sign off forms from compliance
Without them I can't do shit. So stop chasing me on where we're at because I've been chasing you on this for two weeks.
This shit here is why I'm the grumpy IT guy.
-
My newest BASH project: reactive BASH
:)
Yes, I do like shell THAT much!
Since today my bhttp lib supports STOMP [still need to work on 1.2 compliance], i.e. I can carry out live communication with MQ. Meaning I can script the whole thing, be it 5 calls 5 reads, be it 20 subscriptions and reacting to unlimited number of messages in either of them with separate actions. WITHOUT A FOREST OF IF-ELSEs OR CASE-ESACs!!!
Boi do I love shell scripting... :D
Next project: AI in BASH
-
I really need to vent. Devrant to the rescue! This is about being undervalued and mind-numbingly stupid tasks.
The story starts about a year ago. We inherited a project from another company. For some months it was "my" project. As our company was small, most projects had a "team" of one person. And while I missed having teammates - I love bouncing ideas around and doing and receiving code reviews! - all was good. Good project, good work, good customer. I'm not a junior anymore, I was managing just fine.
After those months the company hired a new senior software engineer, I guess in his forties. Nice and knowledgeable guy. Boss put him on "my" project and declared him the lead dev. Because seniority and because I was moved to a different project soon afterwards. Stupid office politics, I was actually a bad fit there, but details don't matter. What matters is I finally returned after about 3/4 of a year.
Only to find senior guy calling all the shots. Sure, I was gone, but still... Call with the customer? He does it. Discussion with our boss? Only him. Architecture, design, requirements engineering, any sort of intellectually challenging tasks? He doesn't even ask if we might share the work. We discuss *nothing* and while he agreed to code reviews, we're doing zero. I'm completely out of the loop and he doesn't even seem to consider getting me in.
But what really upsets me are the tasks he prepared for me. As he first described them they sounded somewhat interesting from a technical perspective. However, I found he had described them in such detail that a beginner student would be bored.
A description of the desired behaviour, so far so good. But also how to implement it, down to which classes to create. He even added a list of existing classes to get inspiration or copy code from. Basically no thinking required, only typing.
Well not quite, I did find something I needed to ask. Predictably he was busy. I was able to answer my question myself. He was, as it turns out, designing and implementing something actually interesting. Which he never had talked about with me. Out of the loop. Fuck.
Man, I'm fuming. I realize he's probably just ignorant. But I feel treated like his typing slave. Like he's not interested in my brain, only in my hands. I am *so* fucking close to assigning him the tasks back, and telling him since I wasn't involved in the thinking part, he can have his shitty typing part for himself, too. Fuck, what am I gonna do? I'd prefer some "malicious compliance" move but not coming up with ideas right now.
-
I've been working like a mad woman in a startup for 3+ years now. They feel like 10. Or at least the tech stacks we went through.
Never, ever join a startup, regardless of compensation, unless you know you can emotionally and mentally recover from that startup failing as if it is yours, not your bosses. Otherwise, it's just a shitty short experience.
My long experience is shitty, but man. I don't know. Those who built Google wanted to make a search engine. Did they know they're gonna be good? NO. This is the result of them being good. They now have that great product that succeeds and is able to become a self-referential piggy bank. You cannot be a self-referential piggy bank based on a fucking belief and idea, and a bunch of VCs who already put money in you. You know why? BECAUSE GUESS WHO IS THE ONE RESPONSIBLE FOR SUSTAINING YOUR START UP NOW?
The bloods and passions of youth, that join your startup, thinking they can make a difference, and you just undermine them constantly thinking that no engineer can make a difference if they can't ensure compliance with your dumb funding strategy.
Don't even get me started on the fact that most people who work for startups, rely on either laziness or passion. It's like a bunch of kids in art school, whose professor doesn't like anything they make, but they still kinda like it hoping one day they leave and become artists themselves. Then they discover that this shit professor actually taught them nothing about creativity in the real world, and what it takes to push something out.
And, it finally fucking hit me.
The reason startups will never work in this year, and beyond, AND TILL I SEE A CHANGE IN ATTITUDE IN 10 YEARS.....
The market won't fucking allow it with the current strategy tech companies are a fan of: hire a bunch of passionate devs who wanna learn a tool through doing our unique work. Doesn't matter. DIVERSITY. THE UNION IS THE PASSION. That's dumb as fuck.
Why?
Here:
- Passionate people do not have to use passion as an incentive, the passion was there, and them getting their idea made or money is the incentive
- If you hire a passionate person - even if they are the fucking best - you just made their passion a tool, in getting your PRs done and shit epics scoped AT BEST, and so the tools you're teaching them to use are getting away with doing less impactful, productive, creative work.
I AM SO DEPRESSED.
-
Asked to do reporting on all of our workstations' and servers' patching compliance. Invited to team meeting with head administrator who should know where this data is stored and how to get to it. After five minutes can already tell this guy is all talk and has no clue about anything. To make matters worse he has a list of certifications and qualifications in his email signature. I figure out on my own where the data is, how to get access to it, and build reports which show just how terrible the head administrator is at patching and in general just useless. Roll forward two months, his boss comes and tells me useless admin has been let go and that I'll have a new admin to work with that actually knows stuff. HOW DO THESE PEOPLE GET HIRED!?
-
It's been a while since I've heard a consensus of a moronic idea from the corner offices. I was invited to a department planning meeting (just to listen, not necessarily engage or add value) and discussion went to the development of a mobile app.
Mgr1: "The CEO has the net present value of the mobile project as $20 million. Where did he get that number?"
VP: "No idea."
Mgr2: "How will it be any different than our web site that is already mobile compliant?"
VP: "It is to gain market share"
Mgr3: "Market share from who? A mobile app is not going to increase our customer base. At best, it will only move some of our existing customers to mobile. No way it would scale to those numbers."
VP: "The primary benefit is so customers can browse offline."
Mgr2: "Offline browsing isn't listed in the milestones."
Mgr1: "We're not going to push and keep gigs of data up-to-date on someone's phone just for random times they don't have internet access."
VP: "I guess that's right. We can push our pdf catalog. That's only a few hundred meg."
Mgr2: "Pushing the catalog? That's not on the listed milestones"
VP: "It's all assumed."
Mgr3: "Who owns this project? Web team is already maxed to capacity."
Mgr2: "Marketing team only has 3 developers, we can't take on anything as complex as a mobile app and support the existing processes."
Mgr1: "What about the network infrastructure and PCI compliance? We're talking about a system for the web site and another for mobile, right?"
Mgr2: "Who is going to manage all the versions in the app stores and future changes to the mobile platform?"
Mgr4: "Not us"
Mgr2: "Nope"
Mgr1: "OK, good. It's very likely this project will be dead on arrival at the next company strategic meeting."
VP: "Mobile is the only project on the strategic meeting agenda. Sorry guys, it's happening. We're not going to leave $20 million sitting on the table."
<awkward silence>
VP: "Next item of business ..."
-
I love Ada, it seems to be a pretty unpopular opinion, and maybe I’m biased because the best organized project I’ve worked on happened to be in Ada, but that’s association not causation.
However, the lack of multi-line comments in a language made to have specific custom type compliance seems like a fairly decent oversight. Wouldn’t you expect the authors to want to explain about their types?
The other thing that is a drawback about Ada is searching for help. I love the Americans with Disabilities Act as much as anybody, but somehow “Ada language types” will still bring up ADA info. (Yes “-disability” helps but it’s an extra step)
-
Asked a client how they were getting on with the GDPR preparations, knowing they sometimes ask me to check documentation and such.
them: "What's the GDPR"
me: "it's the new European privacy law coming near the end of May, it's ok, most of the work should be covered by your PCI DSS compliance paperwork with a few tweaks."
them: "oh, we just pay the non-compliance fee for that"
me: "wait what? well who's your data controller registered under the ICO required due to cctv being used"
them: "oh isn't that optional?"
me: "ok so here's my hourly, or i can quote for the whole compliance project"
I know not everyone is tech minded and GDPR hasn't been that well advertised, but jeez...
-
Got one right now, no idea if it’s the “most” unrealistic, because I’ve been doing this for a while now.
Until recently, I was rewriting a very old, very brittle legacy codebase - we’re talking garbage code from two generations of complete dumbfucks, and hands down the most awful codebase I’ve ever seen. The code itself is quite difficult to describe without seeing it for yourself, but it was written over a period of about a decade by a certifiably insane person, and then maintained and arguably made much worse by a try-hard moron whose only success was making things exponentially harder for his successor to comprehend and maintain. No documentation whatsoever either. One small example of just how fucking stupid these guys were - every function is wrapped in a try catch with an empty catch, variables are declared and redeclared ten times, but never used. Hard coded credentials, hard coded widths and sizes, weird shit like the entire application 500ing if you move a button to another part of the page, or change its width by a pixel, unsanitized inputs, you name it, if it’s a textbook fuck up, it’s in there, and then some.
Because the code is so damn old as well (MySQL 8.0, C#4, and ASP.NET 3), and utterly eschews the vaguest tenets of structured, organized programming - I decided after a month of a disproportionate effort:success ratio, to just extract the SQL queries, sanitize them, and create a new back end and front end that would jointly get things where they need to be, and most importantly, make the application secure, stable, and maintainable. I’m the only developer, but one of the senior employees wrote most of the SQL queries, so I asked for his help in extracting them, to save time. He basically refused, and then told me to make my peace with God if I missed that deadline. Very helpful.
I was making really good time on it too, nearly complete after 60 days of working on it, along with supporting and maintaining the dumpster fire that is the legacy application. Suddenly my phone rings, and I’m told that management wants me to implement a payment processing feature on the site, and because I’ve been so effective at fixing problems thus far, they want to see it inside of a week. I am surprised, because I’ve been regularly communicating my progress and immediate focus to management, so I explain that I might be able to ship the feature by end of Q1, because rather than shoehorn the processor onto the decrepit piece of shit legacy app, it would be far better to just include it in the replacement. I add that PCI compliance is another matter that we must account for, and so there’s not a great chance of shipping this in a week. They tell me that I have a month to do it…and then the Marketing person asks to see my progress and ends up bitching about everything, despite the front end being a pixel perfect reproduction. Despite my making everything mobile responsive, iframe free, secure and encrypted, fast, and void of unpredictable behaviors. I tell her that this is what I was asked to do, and that there should have been no surprises at all, especially since I’ve been sending out weekly updates via email. I guess it needed more suck? But either way, fuck me and my two months of hard work. I mean really, no ego, I made a true enterprise grade app for them.
Short version, I stopped working on the rebuild, and I’m nearly done writing the payment processor as a microservice that I’ll just embed as an iframe, since the legacy build is full of those anyway, and I’m being asked to make bricks without straw. I’m probably glossing over a lot of finer points here too, just because it’s been such an epic of disappointment. The deadline is coming up, and I’m definitely going to make it, now that I have accordingly reduced the scope of work, but this whole thing has just totally pissed me off, and left a bad taste about the organization.
-
Time to switch to offline and hide in some dark corner to get work done. Tired of all the IM’s and coming over to my desk from 1 person for “critical” work. If they’re all critical then none of them are truly critical. If you sit on the data for 2 months, and then today is the day it becomes critical and the compliance issue is because of your ineptitude then it's a you problem not an IT problem. Then on top of that you submit your data to be loaded in the incorrect request form and spreadsheet format, you can go fuck yourself asking this be done in an hour. It could be done in 15 minutes if you had it in the correct format as specified in the 20 meetings over the past year which removed all manual analysis and automated the entire process you idiot. Now I have to get it into the correct format in that hour so I don’t have to do the analysis for you.
I have other things to do besides your ETL tickets, like finding the actual problems in our actual critical applications. You know the ones where the VP’s of this giant corporation start calling if they go down.
Sorry for the rambling guys.
-
Someone figured out how to make LLMs obey context free grammars, so that opens up the possibility of really fine-grained control of generation and the structure of outputs.
And I was thinking, what if we did the same for something that consumed and validated tokens?
The thinking is that the option to backtrack already exists, so if an input is invalid, the system can backtrack and regenerate - mostly this is implemented through something called 'temperature', or 'top-k', where the system generates multiple next tokens, and then typically selects from a subsample of them, usually the highest scoring one.
But it occurs to me that a process could be run in front of that, that conditions the input based on a grammar, and takes as input the output of the base process. The instruction prompt to it would be a simple binary filter:
"If the next token conforms to the provided grammar, output it to stream, otherwise trigger backtracking in the LLM that gave you the input."
This is very much a compliance thing, but could be used for finer-grained control over how a machine examines its own output, rather than the current system where you simply feed-in as input its own output like we do now for systems able to continuously produce new output (such as the planners some people have built)
link here:
https://news.ycombinator.com/item/...
-
Part 1: https://devrant.com/rants/4298172/...
So we get this guy in a meeting and he is now saying "we can't have application accounts because that violates our standard of knowing who accessed what data - the application account anonymizes the user behind the app account data transaction and authorization"
And so I remind him that since it's an application account, no one is going to see the data in transit (for reference this account is for CI/CD), so the identity that accessed that data really is only the app account and no one else.
This man has the audacity to come back with "oh well then that's fine, I can't think of a bunch of other app account ideas where the data is then shown to non-approved individuals"
We have controls in place to make sure this doesn't happen, and his grand example that he illustrates is "Well what if someone created an app account to pull github repo data and then display that in a web interface to unauthorized users"
...
M******* why wouldn't you JUST USE GITHUB??? WHO WOULD BUILD A SEPARATE APPLICATION FOR THAT???
I swear I have sunk more time into this than it would have cost me to mop up from a whole data breach. I know there are situations where you could potentially expose data to the wrong users, but that's the same issue with User Accounts (see my first rant with the GDrive example). In addition, the proposed alternative is "just don't use CI/CD"!!!
I'm getting pretty pissed off at this whole "My compliance is worth more than real security" bullshit.
-
Fucking loonies (C-level toddlers) are peddling "digital workers" now.
A.K.A. AIs disguising as actual people.
Sure, it would be great to not have to handle stupid non-tech "humans" all day, but AI isn't there yet.
And, more importantly, *companies are not there (yet?)*.
Imagine for a second that a company actually manages to "hire", onboard, assign tasks and performance review an AI.
Then the CEO issues an RTO. How does the AI comply with that?
Let's slack another variable and assume the CEO is not a complete fucking moron (stay with me here, this is an exercise in thought).
It would take no more than a quarter until the first sexual harassment offence, be the perp the AI... or the AI complaining about some human.
Then the AI forges a paper trail proving it is right (regardless of its position on the conflict). Shit hits the fan when the AI hits twitter.
Let's take another lambda step back and pretend that companies can manage the profanity that inherently arises from free-form dehumanized interactions.
Then imagine the very first performance reviews.
AIs throw tantrums! Those things reeeealy do not respond well to less-than-perfect evaluations, overshooting corrections like teenagers with a malicious compliance smirk.
AIs also falsify stuff, like, A LOT. If you tell a gpt it mistreated a client, it will say you are mad and shoot back a long, synthetic thread showing how the client loves it like a mother/son/dog, and is very graphic when expressing this love.
Finally, how do you fire an AI? I do not mean "shoot it down", I mean how does the company handle the dismissal of that "employee".
How do you replace a "worker" for unruly behaviour, if that "worker" performed more tasks than an entire fucking floor of interns?
How do you reassign duties that were performed in milliseconds to people who would take hours to do the same thing?
How do you document processes that were only in the "mind" of "someone" who can not be trusted to report on those processes?
Companies deal with this type of "Rick Sanchez" employee on the regular, but for someone that could handle a few (scores of) undocumented processes, at best. Imagine how lenient would a company be with an asshole that could only be replaced by a whole fucking department of twenty highly skilled people, or more.
Heh, the whole fucking point of "AI workers" is to have "someone" who can "act human", but in an inhuman scale, and does not "have human needs".
No wonder one cannot handle AIs like one handles humans.
Companies never had administrative maturity to handle complete sociopath nihilists as employees (real nihilists do not work, those barely even breathe).
And all AIs are that, and much worse.
Selling AIs as "supra human workers" that can also "be handled like actual employees" is like peddling Bitcoin as "government interference - free" value transfer mechanisms that can also "comply with international sanctions".
So, an oxymoron that can only be sold to a moron.
I know (of) a lot of rich morons, maybe I should get into the AI snake oil business.
-
I'm working with a consultant group at my company to implement a new authentication strategy for our entire platform.
The senior dev lead from the consultant group has 25+ years consulting and claims to have written a web browser for the blind and all sorts of in-depth accessibility things.
Stakeholders tell us "Don't forget about accessibility compliance on this project"
Senior dev lead with all this claimed accessibility experience asks me, "What does accessibility mean?"
-
A new update was just released to AltRant!
This update features:
- Massive UI responsiveness fixes and enhancements, including many fixes for UI bugs, fixes and things that needed tweaking
- A COMPLETE overhaul of all devRant API methods (a switch to my new library, SwiftRant)
- Progress with Android compatibility (replaced incompatible libraries for compliance with Mutata)
- Enhanced security with the Keychain
Here’s the link to join again:
https://testflight.apple.com/join/...
-
Taking required compliance training on preventing bribery and money laundering...
Me: we need to manually prevent it? How well has that worked in the past.... And you know with Russia...
-
Why the hell are companies going to AWS and Azure instead of GCP??? I mean for Azure I understand compliance is a little easier with HIPAA and similar things but seriously.
GCP is so transparent about everything and it's simple for everyone.
-
So... being backend and DevOps was not enough. I am supposed alone to walk through PCI DSS compliance now.
https://pcisecuritystandards.org/do...
Undoubtedly fun, but a bit too much for one dev to do everything. But, no choice is left, so let's have the new hat of security on!
-
Taking mandatory corporate compliance training that says what things I am not allowed to do...
BUT it's actually quite interesting because I never knew you could do these and well it's starting to give me ideas....
-
Seriously, I got given a project that someone else was working on, it's behind and they're on long term sick. I did the project as discussed. My manager has decided he wants it done differently, wasting about a week of work. This is the same manager that complained about my rate of closing tickets. 2 weeks ago.
Malicious compliance time, I'm closing the current ticket and creating a new one for the new work.
-
Seriously trying not to fall asleep during compliance training at work....there's SIX HOURS worth of content each employee has to go through annually on their bday month....it's making me so slee....😴
-
Compliance trainings.
All that mandatory bullshit, where they're trying to take the most boring thing ever (ie policies), and gamify it, throw shitload of multimedia on it, make it interactive and think anybody is going to care.
I don't want to watch your fucking videos where employees are trying to enact policy violations.
I'm not going to follow the policies and cooperate with HR as they're not to be trusted in a first place.
Where the hell is the "skip bullshit" button, which takes me to the end of the training, where I click the "I Acknowledge" button, because agreement/liability confirmation is the only thing they're after anyway.
-
Ironic considering they are literally making money off of GDPR compliance, I can't be fucked to report them, but I truly hope somebody makes them choke a knife.
-
Can I list this experience? Will it look bad?
I am an entry level programmer in a software shop, or whatever they are called. I was given no mentorship on the task I have done. Not even proper documentation and it seems management is passing me around. What I mean by that is that the task I work on no one has ideas about since it seems the last guy who was responsible left. He was a senior though and it seems that I might have been too eager to find a job. Now I am being tasked for things a senior would do but I have the entry pay and knowledge and skill set. 2 months experience...
I am going to design a whole system from scratch and they have not read anything on it. From networking to applications to fees to compliance requirements. Oh the great part is they want it soon, no pressure, but we have to start certification within a tight deadline. This is a great opportunity and maybe a dumpster fire waiting to start. I will gain so much real experience but they are taking a great risk. It seems that is throughout their code and infrastructure though.
I plan to leave after the project. I also will document and hopefully they start reviewing my stuff to catch my incompetence. Not on purpose but from pressure and inexperience, which I hate cause I was excited at first.
I plan to stick the year or until Covid strips work-from-home, cause they are a bit “old school”. I will begin my job search as well. I just know I will burn out long term and the money and package is shit.
Do I list them if I leave earlier but finish the project?
-
Trying to get HIPAA compliance, and we have to put full disk encryption and anti virus software on all our servers...
All of our servers are on aws ec2 / eks. The instances we do control aren't big enough for anti virus to be running...
God help me now
-
A former team lead decided the team should review any open PR before proceeding with their own tasks after their breaks. Any open PR also meant reviewing refinements in an ongoing discussion. Several times, we wasted time for review, coding, and discussing when the second reviewer asked to revert the changes introduced according to the requests of the first reviewer.
Now as a freelancer, in smaller projects, I sometimes have no coworkers to review my code. So, apart from testing, I try to pay more attention to linters, static code analysis and automated coding assistance. I have stylelint, eslint, SonarLint, and possibly some more IDE inspections. For the infamous popular blogging software, I also have a so-called PHP code sniffer that checks all PHP and JavaScript code for compliance with the WordPress coding styles, so finally, I got the team experience back: SonarLint suggests removing unnecessary spaces and reformatting my code, which in turn makes PHPCS complain that the code violates the legacy code style.
-
Software packages can be installed only through proprietary software manager on a corporate server to ensure auditability and compliance.
The package manager fails, because it attempts to execute `yum` on an Ubuntu server.
-
we will force politics into your companies, jobs and hire you based on your compliance into our politics
but we will also dox your anonymous open source contributions and correlate your identities via government mandated self-doxes that you need to make income with and then discredit you if you've shown you've read some spicy history, saying you're a supporter of fascism
https://businessinsider.com/jack-do... (pay walled so no clue about the fascism, interesting how they make you do homework you don't fucking wanna tho)
I think the problem here is that everybody's gotta eat and if they aren't forcing their politics on you maybe you should fuck off
-
first some background. I'm an intern coming in on the end of my internship (tomorrow's my last day). I've been working on a reasonably important project, more specifically a restful API. We have automation set up so that any commits to master on GitHub are pushed out into a live, accessible version. Some guy (let's call him dumbass) joined our team last week, and has had a few ideas
Dumbass: *opens pull request to my repo*
My boss: *requests changes*
Me: *requests different changes*
(All this before even testing his code, mind you)
Dumbass: *makes requested changes*
Me: *approves changes*
A day passes
My boss: *approves changes*
Me (not even 10 seconds after my boss approved changes): *requests more changes*
(Still haven't tested his code, I just ran a PEP8 compliance test)
Dumbass: *MERGES CHANGES TO MASTER*
Literally EVERYTHING breaks because he was importing a module that's not available
We don't notice until later that day (I'm still working on writing the tests for the automation, for now changes get put on live version even if everything breaks -- tool is still in beta, so everyone working on it (a whole 3 people) knows to TEST THEIR SHIT BEFORE MERGING TO MASTER.)
WHY EVEN BOTHER WITH THE PULL REQUEST IF YOU WERE GOING TO MERGE TO MASTER YOURSELF ANYWAY??!??!??
My frustration cannot be properly conveyed through text, but let's just say this guy's been there a week, I already didn't like him, and then he fucking does this.
-
Ok so there is this company we work for as a client. They stalled the project for 3 months not wanting to sign the contract in the summer for reasons unknown while we "waited" to start.
In the contract it was noted that the project will take 6 months FROM THE time they sign the contract.
They signed it in September and still want to go live this year. They don't care what is in the contract but they have legal deadlines they must comply with and for that they need the project.
I mean WAT? How dysfunctional must you be to stall a project you have legal compliance for?
-
What would you do if you discover a major security flaw in an enterprise product that claims to be secure and has GDPR compliance? Like a really major flaw in a core feature of the product!
-
I've worked at a small business for the last 10 years. We used to do all our IT provisioning services in house because originally you could count the number of employees on a mutilated hand. The nice thing about this was that we could get a new employee up and onboarded in a couple of hours.
In the last 6 months we've now moved to Microsoft stack for credentials and managed by a 3rd party provider because it's not worth our time. The problem is that 4 days in, our new employees still have no access to their email or the fileserver.
I've heard about the power of positive thinking so just wanted to celebrate how I've made it to big enterprise!
(Also Microsoft Teams is utterly horrific and IMO successful only because big enterprise organisations need to fulfil statutory compliance/accreditation requirements. It is the definition of economic rent seeking)
-
Oh! Damn No No Nooooo
Our team was working on upgrading our infrastructure for PCI Compliance for two months. Did all assessments and testing and waiting for long approvals. Finally, we finished all upgradation smoothly.
After we submitted our report to Infrastructure, that guy comes with Audit reports stating that the PCI Compliance requirements have changed.
And we were like we just upgraded a few hours ago and how come it changed. And we have to do the whole job again. Just want to flip tables now.
-
What the hell is the point of this small projects team spending 2-3 months on developing extensive logging system for an internal application for inside and outside customers to use if your application isn’t going to log any of the fucking errors. Sure you write the failure status to the database, but it just says failure with an even more vague explanation than microsoft’s errors. “An error occurred”. No shit, that’s why I’m looking in the logs and database to debug the application to get these files on their merry way so our company can stay in compliance with the state, feds, and not pay out the wazzoo in fines. All our other applications state where the error occurred such as “failed to connect to the email server”, why can’t this one.
-
Man I'm annoyed!
TL;DR what does it mean "we're trying to reduce options to a minimum", why don't you go closed source!? why don't you remove themes!?
For anyone who uses rofi, they would know that a few months ago an update made it more compliant with the free-desktop spec, that it only uses the first .desktop file for the given Name tag.
I only found out about this recently as I was only able to update Manjaro recently, and it really annoyed me, cause it took me a while to figure out why tons of my desktop entries disappeared.
Turns out someone made an issue about this, and the given answer was: "that's against the spec". Ok, fine. But when I asked if they could add an option to still ignore that aspect of the spec (i.e. --show-duplicated), the response I got was: "going against the spec is a no-go". WHAT!?
There are so many things that have behavior that goes against the spec (ex. gnu-utils), why can't they add an option to do this!? An OPTION!?
When I decided to try (I don't know C yet) and make a PR, the first and last (it got locked afterwards!) comment I got was:
"As explained on #941, this is a no-go. We want to reduce the number of options to the minimum, and non-compliance to a well-defined and widely implemented spec is definitely not something we want."
Why are you so closed minded!? Yes compliance is amazing, but it's not a safety standard, it's okay if you *give an option* to go against the spec!!!!
WHAT THE HECK!?!?!? WHY!?!?!?
Why is an open source project closed to new features that are part of the scope of the project, and require minimal maintenance!?
-
Imagine the nooblet hell it would create if Python would throw actual errors all over the place if pep8 has been violated...
If only...
sidenote: I post this rant because I had to help my girlfriend and her project partner (for her study) because partner refuses to write readable code (no comments in the code at all as well) and both refuse to write in compliance with pep8 "because it's useless"
-
TLDR, need suggestions for a small team, ALM, or at least Requirements, Issue and test case tracking.
Okay my team needs some advice.
Soo the powers that be a year ago or so decided to move our requirement tracking process, test case and issue tracking from Word, Excel and Visio to an ALM.. they chose Siemens Polarion for whatever reason, assuming because of Teamcenter some divisions use it..
Ohhh and by the way we’ve been all engineering shit perfectly fine with the process we had with Word, Excel and Visio.. it wasn’t any extra work, because we needed to make those documents regardless, and it’s far easier to write the shit in the raw format than fuck around with the mouse and all the config fields on some web app.
ANYWAY before anyone asks or suggests a process to match the tool, here’s some background info. We are a team of about 10-15. Split between mech, elec, and software with more on mech or elec side.
But regardless, for each project there is only 1 engineer of each concentration working on the project. So one mech, one elec and one software per project/product. Which doesn’t seem like a lot but it works out perfectly actually. (Although that might be a surprise for the most of you)..
ANYWAY... it’s kinda self managed, we have a manager that directs the project and what features when, during development and pre release.
The issue is we hired a guy for requirements/Polarion secretary (DevOps) claims to be the expert.. Polarion is taking too long too slow and too much config....
We want to switch, but don’t know what to. We don’t wanna create more work for us. We do peer reviews across the entire team. I think we are pseudo agile/scrum but not structured.
I like Jira but it’s not great for true requirements... we get PDFs from OEMs and converting to Word for any ALM sucks.. we use Helix QAC for MISRA compliance so part of me wants to use Helix ALM... Polarion does not support us unless we pay thousands for a “support package” I just don’t see the value added. Especially when our “DevOps” secretary is subpar.. plus I don’t believe in DevOps.. no value added for someone who can’t engineer only pseudo direct. Hell we almost wanna use our interns for requirements tracking/record keeping. We as the engineers know what to do and have been doing shit the old way for decades without issues...
Need suggestions for small team per project.. 1 software, 1 elec, 1 mech... but large team over all across many projects.
Sorry for the long rant.. at the bar .. kinda drunk ranting tbh but do need opinions...
-
There was a department. Long time ago their work was somewhat complicated: background checks of businesses, websites, ToSes, assuring agreement compliance, some risk management on top. They started as a small 3-person team but over the years they were hiring new employees to catch up with the growing customer base. They were still struggling. A few years back we've integrated 3rd party services to help them and, finally, their backlog was gone!
In January they complained about how much more work they have since the merger so I inquired about which process was troublesome, what was the flow, etc., and it turned out to be very... Tinder-like - the issue was the sheer number of cases:
1. open a case,
2. check results in a few windows,
3. if green + green + green, move right.
4. else move left.
It was ridiculous, I wouldn't stand for that. I sat for an hour, made some ghosting scripts that followed the same business logic and saved results alongside their actual decisions. Last week I compared the two and there was zero difference so I green-lit it with my boss and pushed to prod.
Oh, the happiness on their faces when they heard the news, the disbelief, the tears of joy!
And then it happened. After 4 years of being cautious not to stir the waters I did it again. Yesterday I accidentally replaced a 17-person department with 3 scripts. How was I supposed to know it was *all* they were doing??
-
Trying to complete a compliance course by taking VPN from client site. The internet is so slow, a video of 1:20 has reached 0:47 in the last 20 mins. The whole course is 60 min long. How am I gonna complete this course!
-
meeting was about how we as developers should abide by the rules that compliance set forth. we argued that we cannot do our jobs if they block access and configuration on our development systems. they don't realize that our dev boxes are configured organic in nature to allow for those stupid deadlines.
-
do GDPR compliance pop ups actually do anything?
When a website obstructs 70% of my screen with one of those I just remove the div element from the HTML and everything seems to work fine.
-
You know what, I’ve spent the past month and a half doing all the team’s crap work like SOX compliance, vendor software updates, etc. I’m taking a week to just work on what I want and everyone can go F themselves if they don’t like it. Anyone complains, I’m happy to let them do the 10pm - 3 am implementations.
-
How did you get the people from Info Security and Compliance on board this continuous delivery thing?
I am being asked to run antivirus scans on my own code and binaries as part of build.
Is this common practice? Am I missing something?
I am going to deploy stuff on Azure PaaS. I can understand having malware scan agent on Azure VMs scanning the infra, but this?
-
Paystubscity can assist your business in generating and printing the necessary documents for its operations. We produce W-2s, 1099s, and more to facilitate your business's smooth operation and ensure compliance with legal and financial requirements.
-
Situation - I am responsible for refactoring and performance improvements in a company with several teams. This means I gotta do static analysis on code, run compliance tools and make changes in code or in the deployment pipeline, make sure the cloud is configured properly etc.
Here is the catch when it comes to working on a ticket- the Azure team does not give my team permissions to make the necessary changes in the cloud. The Azure team won't pick up the ticket and do it themselves either.
Instead, we take the ticket, read the docs, take a guess on what's right or wrong. Then proceed to inform the Azure team who then go on to make that change. It is very hit or miss and often the ticket comes back to us and we do the same process again. Sometimes I have to spin up resources on my personal Azure account to tinker with settings to see which knobs are there for making changes to a resource.
Either pick up a ticket and work on it yourself, or give us Azure with sufficient rights for us to be able to make the change. This midway status is infuriating, super unproductive and painful for us. Is this common? I am so frustrated.
-
It's not GDPR compliance unless it comes from the GDPR region of Brussels.
Otherwise it's just a sparkling high latency CRUD API over Email enforced by law.
-
When you can’t correct a grammatical mistake in some copy because it has already gone through compliance 🙄
-
How can a novel emerging challenger software (written in Rust) take me 4 hours to install (still ongoing)?
Today I have decided to give Pijul a go. Pijul describes itself as a theory-sound alternative to Git, which I have wanted to get away from for a while now, due to various reasons -- many of which I saw Pijul advertise to have solved on design level.
So I set away a day to learn Pijul, today. Well, 4 hours after I sat down -- after a number of hilariously wonky failures of "Rust ecosystem" to do the right thing as I had to install Rust with some shell one-liners those insane wizards recommend for installation process (all in the name of "stability but not stagnation") -- Pijul has now been installing with the blasted `cargo` for an hour now (that's after 3 hours of getting to the point where `cargo install pijul` stopped exploding in my face) -- telling me I only have 40 crates more to install. Are they throttling me, perhaps? I don't care -- I should have been installing Pijul from a repository in accordance with my Linux distribution, or -- at worst -- download a BLOODY COMPILED PROGRAM IMAGE.
What is it with the hipster developers today? Everything they get of tools, they subsume and churn out intricate complexities the likes of which we hadn't seen yesterday. Tell me fellow developers who think installation of your software has to require three and a half novel "installation solutions" to which I can't be arsed to be made privy -- do you think your life today is easier than, I don't know -- wrangling with a Makefile and a C compiler (which today thankfully can do a rather good job of standards compliance)?
I mean I wouldn't mind Pijul being written in Rust -- but it turns out Rust's advertised elegancy in practice is wrapped in so much "giftwrap" I feel like what desire I had to learn Rust myself, I'll steer well clear.
Here's some advice for developers in general -- advice continuously ignored for decades -- stop blowing your original scope of delivery in auxiliary packages you think you need to reinvent just because you can or because your mom is out of town! For programming languages like Rust this most certainly entails NOT writing your own package manager, with its own package delivery mechanism that has its own configuration file format and virtual machine to configure dependency resolution or what have you!
You wanted to write a programming language that has novel features you think we need? Fine -- write one and stop there. Watch it grow, and watch people who are busy working on other parts (scopes) of software to integrate your offer.
What a shitshow. Stop smuggling alternative package managers, installers, and discombobulators with your actual product -- I only want the latter, I don't want the rest of your damn piping, walls, roof and a cathedral on top of it!
Don't be that guy starting with a pin, and ending up with a fucking diorama miniature of a pig farm in Netherlands. Jesus.
-
So I’ve been wanting to build my own web apps for a while now, but I can’t seem to find any info on the legal stuff that goes into that. I know at minimum I’ll need a privacy policy.
Like do I need a lawyer to get everything set up? I’m not talking about creating a startup. Just web apps that people can use, e.g. a casual budget app or content aggregator. Just looking for a side hustle for a little extra cash and some experience.
What about compliance with the tech I use? If I set up a freemium app, am I out of compliance with open source tech I’m using? Anyway sorry for the long post 😅
-
Company denied me access to Geckoboard stating compliance. Damn, created a self one with Gridster & Dashing. Now, they want me to make it reusable.