Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”

Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”

I think I want to quit.

I know it’s a bit of an inconvenient time with there being corona around but everything was okay up till January. I’m a junior even though I shouldn’t be. Since my manager told me and my team leader senior in my review “maybe you two should switch jobs” things have been going downhill. I think the team lead had it out for me and didn’t put me on a new project, I’ve been left with doing stupid basic shit like updating text on websites in a cms and doing fuck all and then there’s also another guy that was basically harassing me trying to put me in my place any time I was doing better than him and literally both of them been like that ... and now that I’m working from home it’s even worse. I don’t have any kind of assurance that everything okay and actually I think I’m being framed as welll since I found keyloggers on my work laptop and deleted cleaned shit up the past two weeks and changed my WiFi security as there were like 5 unknown devices on our network so yeah .. I’ve been framed and they made it out like I put a powershell script on one of the servers and it crashed a Porsche website for 8 h and all kinds of bullshit - this was yday. On Tuesday they logged me out of everything like changed the password for work vpn and kicked me out of slack and Microsoft teams for over 2 hours till the end of shift and two managers weren’t answering their phone and then next day my manager called and apologised that saying that he “accidentally” did that to me along with 15 people they let go from the company....

I’m seriously thinking of quitting being removed from team group for a moment , not being on a project and people literally trying to put me down after I know I’m genuinely smarter than them and if I had over 10 years experience like those on my team (I have 1) I’d be far higher up and better

They can genuinely just go fuck themseves !!!! And here I was going to work over weekend on something! No fucking way I just wanna quit or give in my notice but because of corona I’m divided

Recruiter reached out on a certain other social network where people seem to be humbled a lot.

First interview (a day later) goes well

Second interview (a week later) also goes well. They tell me there's one more technical interview, but that shouldn't be a problem.

A week later, that interview is a breeze too. Interviewer said they'll prepare the paperwork.

Another week goes by without communication, so I ping them.

A week after that they send me an email saying that they need references they can talk to. A co-worker and a direct manager.
Uncommon in my part of the world in general. But coming up with that idea this late in the process? Really? But ok, I provide those in like an hour.

They take their time, but eventually call the co-worker. Another week after that, they still haven't called the manager, so I ping them again.

Silence for another couple of days, then a very sad email about how the general situation has changed and they've now stopped hiring indefinitely

Customer: You don't seem very comfortable with this; maybe you could pass it on to another engineer..?

Situation:
I'm a System Management team engineer. Customer is asking about licensing (which is a different team) and has that very rude habit of asking a question, doing a small pause in which I start answering, and then speaking again and cutting me off; thus causing me to seem very splutter-y. Since I couldn't give a definitive answer to his licensing question he doubts everything and thinks I can't do crap. And he's the one who wants me to sit on an upgrade with him because he's too afraid to follow documentation.

His words to me: "Have you ever done this upgrade before; I mean are you familiar with it?"

Me: "Nope since it's not policy to sit on upgrades as we are a break-fix center but I've directed other customers to do it through the documentation I've given you and they got on fine."

Seriously doubt the capacity of some of these guys to do an upgrade where there's step-by-step videos and very legit documentation (never mind this upgrade uses the tool which has the best record for not breaking)

As promissed.

Day #1 on THE other project. Nothing fancy, just setting up my dev env. Got a decent pc with all the required network permissions. And this time I got w10 [last year I was working there on w7 pc via rdp from another w7 laptop. Dont ask...]
of course no localadmin rights to set shit up. Downloaded all the installs, found someone who has admin rights to run them. I even managed to get admin powershell!

Ran all installers, enabled long paths support, env vars, tweak here, tweak there,... Installed git bash to at least have a taste of shell. Decided to try out wsl. Enabled the feature, didnt reboot right away.
Rebooted. 2xclick on ubuntu setup and I get an error claiming wsl is not ebabled. Wtf? Did I do it wrong? I see bash command is there now so I must have done it right. After some googling I found out that even though I can enable wsl, it doesnt work on my version of windows. It's too okd they say. Yeah, tx MS, that's very intuitive and user friendly!

Allright, my hopes to habe a decent sub-os died. Git bash it is :( but I miss tmux soooo much. Then I came across smth that caught my eye. Msys2 it's called. Apparently it's based on cygwin and has a pacman package manager! ´pacman -S tmux´ -- hippee-ka-yay motherfuckers! It's not the best terminal emulation, but it works quite allright and it has tmux. And netcat!

Banished to mouseclickerland still managed to find a good enough shell. Yayy!

So there it is. My first day's ups and downs, disappointments and discoveries.
If you know a better shell I could set up on w10, please, share