Do Easter eggs (innocuous ones) tick?
It is Monday, and time to stare glumly at the week of patching that lies ahead. Pause a while before hitting that update button with a cautionary tale from Who, Me? about support contracts and a naughty, naughty programmer. Our story takes place in the mid-1980s when a reader Regomised as "Chris" was toiling away at an …
I once did a government project and it took a few months before someone on inside sent me a private email that it was quite OK to hide a page in the core webserver with the names of the people who worked on the project. However, us using the 2600.org background for it could have raised questions in some quarters, so he removed that before anyone with a lesser sense of humour came across it :).
He's still a very dear friend, and I hope he enjoys his retirement.
An employer I used to work for shall remain nameless in the hopes that the shame might eventually die.
I am not now nor have ever been a programmer, but the gent in the cubicle next to me was. I'd hear him bitching & moaning about this or that, grumbling how managers would demand conflicting goals to other managers, and all manner of "Why can't they leave me alone long enough to do my fuckin' job?" style complaints.
One manager gave him a set of goals that had the program he was writing so that it would give the output one way, but then another manager would give him more requirements that couldn't be resolved with the first set. He'd talk to his immediate manager, that person would then give him a third set of mutually-exclusive goals, and he'd be up shit creek with at least two managers no matter which set he went with.
He finally figured out how to satisfy all of them by simply requiring the user to log in with their employee ID in order to run it at all. Depending on whom was logged in at the time, that determined which set of codes to use & which to ignore. All well & good, right?
Nope. One manager went to another to crow "Ha ha, he did it my way!" only to find that other manager happily using the software & obviously NOT in the first manager's screens. The bickering attracted the attention of the third, the three compared notes, & my friend was cornered by the trio to demand to know WTF.
My friend showed them all the emails proving that all three had given him mutually exclusive goals, that when he tried to complain he was told to "make it so" as if he were a damned StarTrek engineer, and the paper trail proving that there was no way to legitimately deliver all three sets. So he wrote the code in three separate ways, one each to satisfy each of the bastards. Which should have satisfied them, right?
No. They had an argument standing in his cube about which set would remain & which ones would get the axe. Never mind that all three managers thought themselves better than the other two, never mind that my friend was stuck in limbo (getting paid by the hour) to sit there & twiddle his thumbs while they shouted at each other, & never bloody mind that the software was now over a month late because of said idiotic wanker waving.
My friend had the editor open & sat idly typing away during the argument. I asked if he was having fun. He smirked & showed me that he was transcribing their argument into the code of the software.
When the three went away to consult a fourth, my friend saved the changes & rewrote the three sets into a single "best of" set that could handle all the things the *customer* would need, but essentially ignored what the three shouters demanded. And THAT version was what the Senior VP approved & told my friend to ship...
I was there when one of our customers called to talk to my friend & was laughing so hard it sounded like they were choking on their own tongue. Why? Because they had read the transcription my friend had forgotten to excize from the code.
My friend took his vacation shortly after that call ended, so I have no idea what happened to the shouty managers & no idea what the temp coder that was tasked to deal with the "patch" thought of what or why he was patching.
I'm kind of glad I'm not a coder. I'd be too tempted to leave a fully charged Shocky Stick in a desk drawer for LART'ing anyone that annoyed me... But then, it's a good thing I'm retired so I don't have to deal with those blighted sacks of stupidity anymore.
Had a similar experience at a client where two directors had one of their stand-up rows in the main office in front of their staff and several of us freelancers* about which way the application should make up production batches. This wasn't resolved.
A colleague wrote a work of art solution where every possible parameter affecting batching was held in the database with a big data-entry form so the operators could set it up in whatever way they were told. We set up some reasonable looking values before it went live and as far as I know they were never changed.
* Obviously their frequent toys out of the pram events were one of the facets of face-to-face communication, team integration & what-not that you miss when everyone's working from home.
"because of said idiotic wanker waving"
You are reporting this as if it is something somehow unusual. When you have more than one level of management involved, it all goes to shit and it's usually your fault (even though THEY are the flamin' "management").
It's pretty much why I no longer do IT for pay, and looking around at what happens at work (both in and out of IT), it seems as if the entire point of management is to line up and disagree with what the other one said.
F'em all. Give me my red stapler....
That's hillarious, but it is avoidable. I've been a developer for many years and the trick to multiple managers asking for different things are many, but 2 good ones are:
1. Have someone far above their pay grade pick a single product owner.
2. Have all of them in a single meeting to discuss requriements, this will result in world war 3, but the producing a product afterwards will be possible (but it will probably suck).
I think at least half of producing software is understanding the requirements and if you have a good manager, they sort that out for you. I've come up with a lot of tricks for getting requirements out of customers over the years and I find that to be a very important skill. No matter how crazy the customer, it is generally possible to do... And if there isn't you can always quit. The job market for developers is red hot.
"Have all of them in a single meeting to discuss requriements"
Education rather than IT but when sorting new stuff out with different middle managers tending to sit in their silos a director level person I worked with used this strategy to good effect.
All the players in a classroom, if more players identified they received The Summons. Flipcharts round the walls. My job was to write decisions with names against them on the flipcharts. The result was a plan with a time frame and lists of names of people/departments who needed to do what by when. Noone left till it was all sorted (coffee/sandwiches sent in if needed). Then I had to turn the flipcharts into a project plan/set of notes and circulate it.
Quite often the plan changed as we went along, but it got that initial consensus going. Tended to work quite well.
"...you can always quit. The job market for developers is red hot."
OP here. Normally this might be true, but it wasn't at the time. The job market had tanked & you were lucky to have a job at all. It's why he put up with the shouty managers as long as he did, because the alternative was to complain & risk getting fired.
Everybody complaining about conflicting requirements should count themselves lucky. Most of the projects I've worked on lately have almost no requirements except the release date.
When the software goes into QA with inadequate requirements, the testers blame the developer for not refusing to start coding until they're clarified.
Then when it gets into UAT with two days to go before release, everybody blames the developer if the result doesn't exactly match their private wet dreams.
I had "better" requirements. I was doing log reporting to meet US government B1 security.
Reading the requirements doc I looked over the A(?) level security requirements. The one part I remember seemed to basically say you needed to report on any hidden/unknown channels to sneak data off of the system.
"I am not now nor have ever been a programmer.."
I started out as a system engineer on the networking side of things. But as everyone knows, it's all 'IT' to management, so I was constantly having to tell them 'I am not a programmer.'
All they ever heard was 'Didn't Bob say something about being a programmer?'
Guess what I ended up doing. No complaints, worked out well, paid well, interesting work, met a lot of strange people.
"rarely had anyone on the staff who could read it"
OTOH it could be quite handy for the vendor if the customer had someone available to debug the code. After having had two Friday lunchtimes interrupted when the weekly billing run exploded I spent an afternoon drilling down and found, buried several loops deep, a statement asking the server to allocate an object which wasn't released so the server process grew until it reached its maximum memory allocation. Followed by a phone call - not the last - to the vendor to tell them how to write software for that particular RDBMS.
Similar tale with an application written against an Oracle db. This software near enough ran a chemical plant, I inherited the db when the client switched to us for maintenance. Performance was always slow, and got dramatically worse with a new, major, all-singing all-dancing upgrade - even though a couple of new app servers were added and the db server was improved . So one weekend I left trace on, carted the couple of Gb of log files onto a spare server and ran tkprof to sort the sql. I thought I'd get maybe 20 or 30 high-usage statements that accounted for the bulk of the resource consumption, that could perhaps be addressed with indexes etc. No, there were thousands of single-use statements - it transpired that hardly any statements were re-usable, so the db was having to parse and optimize every single query. They'd used loads of dynamic sql, forming up the statements to include eg "part_no='A1234dd5". Turned out that bind variables were an unknown to the newly-recruited sql "expert". Took them about a month to re-jig the most widely-used bits of code, and performance became satisfactory (it never became fast, I always said it was because we running on windaz). The software vendor had the good grace to send thanks, and intimated that other customers were grateful too.
I've seen plenty of similar issues where supposed "database experts" had no clue about various "vendor specific edge cases that they had no need to be involved in", such as:
How in Christ’s bloody name do you build a real-world relational database without indexes and referential integrity? I didn’t even bother to read further. The damn stupid Shelly Cashman Access book has indexes in chapter 1 and ref integ in chapter 3! The ‘experts’ haven’t taken an intro course on Access... When I last looked at real database courses, as distinct from how to not access Access, indexing and ref integ were mentioned early and often. Had the ‘experts’ even been close to a class on SQL?
How? The usual route appears to be to pretend that databases don't really exist and to instead use an abstraction toolkit to access the data. While these are passable for simple applications, unless used by a knowledgable developer it's very easy for dumb defaults to be used and for the database to be created by such a system. Utterly unmaintainable of course, and inefficient as hell.
This allows the "design" of a real-world "relational" database where the only indexes are primary keys and not all tables even have primary keys (oh hell was that fun to discover) and where foreign key constraints are managed solely at the application level and not at the database level. As in it's a database, but there's bugger all relational about it.
In one specific example a toolkit called CodeSmith was used, and for extra shits and giggles many queries were created as text rather than parameterised. It's not that CodeSmith couldn't be used sensibly, it just wasn't.
On the gripping hand, one could argue that that shouldn't have been (wasn't?) in your job description. Your company paid the outside vendor for that kind of thing, and I seriously doubt your employer was compensated for the work you did for said vendor. I'm pretty certain you weren't compensated outside your regular salary/comptime.
Yes, I know, we've all been there ... Doesn't make it right.
It's the mid 1990's and I have a customer using financial software for their payroll on a Unix system from a company that was selling their solution based on how cheap it was. The issue was not only was it cheap but also not very good. A major release was coming and my customer had invested heavily in getting the new release up and running and was literally banking on some of the new functionality. The new release is made available and the software vendor states that they will install for a small (Ah hem) premium, the price was astronomical and the customer said no - So the customer application team (1 guy) was tasked with the install and it did not go well, it seemed looking at what he had done to be very complex and he hit a wall on a strange error. We were asked to take a look, it was a very convoluted install and to be honest we could not make sense of it. So one of our coding guru's took a look and wrote a script to install the software, it worked ! It seemed to us the software company had a plan to extract a handsome premium for install services by having a stupidly complicated install instructions if customers attempted themselves. The software company was acquired by an outsourcing operation in the early 2000's, so I expect their legacy is no doubt thriving ..........
When we had a Xerox Desktop Publishing system installed at the engineering company where I worked, the installer came with a huge box of 5¼ floppies to install and configure the software. We were given a list of what functions were available, and the cost of having each one installed, and we picked what we thought would be needed and were billed accordingly.
Some time later, we decided that we needed a couple of extra functions, so a maintenance engineer came along and logged in, ticked the relevant boxes on the installation list, and logged out. I asked how this was possible, to be told that all the necessary software was actually already installed, it just needed a tick in the right box to activate it. We were then billed both for the extra functionality and the installation thereof.
About a year later, I needed another function to be switched on, so I tried to log in using the original password, but it had expired. After quite a bit of cogitation, I realised that, if I were to disconnect my workstation from the server and reset the date to the previous year, the old password would let me in, I could switch on whatever I liked, and then reset the date to the correct year and reconnect to the server.
Over the next couple of years I switched on nearly all of the functions on my particular workstation, and no-one was any the wiser.
Back in "the day", when I was but a young nipper in the 12th year of my school career, I had a job in the "unit record office" at the school. This involved helping the professional who worked there, while picking up useful tidbits of knowledge about antiquated IBM machinery and earning a bit of cash.
The big machine in the office was an IBM 402 Accounting Machine. A large electric motor, many mechanical tidbits, anaconda-sized cables wrapped in laced cloth, and a hinged rear panel that opened to reveal two very large panels of relays. Programmed by pushing colored wires into a large, perforated, Bakelite panel.
One day, when the amount of work was greater than the allotted time in which to accomplish it, the professional opened up the back of the machine and pulled out a relay. The machine instantly went into "high gear", printing twice as fast. He explained to me that this wasn't to be done lightly, as it created more stress on the machine's mechanical innards, but that it was OK to do (but never when the IBM guy was around) as there was another version of this machine, built somewhat sturdier, that rented for twice as much per month, in which this relay was intentionally absent.
'Twas ever thus...
"I could switch on whatever I liked"
Video recorders were a bit like that in the end. I opened mine up to clean the heads (with isopropyl) and noticed a set of links, some made, some not.
I removed them all and installed a bank of DIP switches. Then I fiddled.
And ended up with a video recorder that could do NICAM stereo and long play.
It seems it was cheaper to make identical units and choose features by links, than to make actually different models.
And thus comes the whole right to repair argument. We bought a used Audi some years ago - it did not come with satnav installed, but installing it took approximately ten seconds on the dealer's computer. BMW are experimenting with renting out features now, while Tesla do all they legally can to stop you modding your own car, bordering on extortion (it'd be a shame if you lost access to the Supercharger network, right...).
The same features "turned off in software" model is becoming common for scientific equipment. I know people who use software cracks to change the bandwidth of oscilloscopes. The worst time was when we bought a $20k Lock-in amplifier because we borrowed one and it was great, turned out the two features we needed were additional extras which cost us about $8k each. $16k later they sent us a sodding unlock code, if we had a whole bunch more money kicking around there was so much more that box could do.
Another "made it work" story from university:
This one relates to Xerox copiers, specifically, the older models which required the insertion of a "counter-key" to function. The counter-key was a grey box with six contact pins on one end and a mechanical counter on the other end. One would have to go to the department office and nicely ask the admin lady if you could "borrow the Xerox key to make a few copies". This gets old fast, and, if you are a too-clever undergraduate, you begin looking for another way to make copies.
Well, obviously, the "secret" is in the grey box, so one searches (this was before The Internet) the surplus catalogs to see if any of these grey boxes might be available surplus. Turns out that for $20, I was able to obtain a couple of them. But they did not activate the machine when plugged in. Out comes the ohmmeter, and continuity checks between the six pins on the surplus units and the "official" unit indicate that a short between two pins is present on the original, but a different two pins are shorted on the surplus units. Epoxy covering two access screws was picked out, the jumper was moved and...hey presto! Copies were made without troubling the department admin for the remainder of my stay there.
I was once asked to look at some software a police department had brought in to log staff absences, which had stopped saving new records. The people who wrote it said that it would take them weeks to fix, at a cost of ~£5k.
It was written in MSAccess, which I knew very well and made myself seem a genius by cofidently predicting that the main table would contain 32,767 records, which turned out to be spot on.
Changing the ID column definition from short integer to long integer took me all of 5 seconds and the system miraculously started working again. I asked if I could have a bonus of 50% of what the supplier had quoted, but they just laughed!
Is this how the industry works then?
You sell a duff product and demand loads of cash to make it do what it should have done anyway. That being said, even bloody Microsoft send out fixes each month. Free.
Car manufacturers are living proof of the saying: "There's never enough time to do it right, but there's always enough time to do it over"
Only industry in which they strive to produce a product every year, and strive with the same intensity to make different errors every year.
VW, Volvo, and Toyota had it right: build it, then rebuild the same design, minus the mistakes, the next year.
For Office, yes; try to find a retail copy of Office 2019. Go ahead, try. If you succeed, tell me where you got it so I can get a copy too. For Windows, no. Not yet, anyway, I’m sure that it’s on MS’s wish list.
It took a whole 5 seconds to hit Google for "Office 2019 retail".
" • One-time purchase for 1 PC or Mac "
You're welcome ;)
Have you tried this handy web site?
Looks like the going rate is about £20. YMMV, because I get product keys though my MSDN sub from work, so haven't had to buy a copy recently.
You don't get a box with a DVD in it, but you get a download and a product key. It is 2020 after all.
Given that huge swathes of people across the world are continually gainfully employed "upgrading" companies from Windows version X to Windows version Y, which are all pretty much just the same thing with many layers of lipstick on, I'd be quite confident to say MS have perfected this gravy train as well.
Back in the dim and distant past when I was supporting CD-ROM networking, we found 13 month hardware timers for sale. For a brief moment we were tempted to fit them into our hardware to ensure future revenue, but quickly realised how suspicious it would look if all our hardware failed after almost exactly 13 months.
I believe these timers were designed for use in industrial equipment to automatically power off if no one had been inside to reset them.
Mine's a Memorex unit, similar to a tape library (or silo). Half a dozen CD-ROM drives (since swapped out for DVD drives) in a large box with shelves for a few hundred CDs/DVDs and a couple robot arms to swap CDs in and out of the drives. All connected to a Sun 3/260 via SCSI, which in turn allows the rest of the network to access the CDs. It is a fairly handy thing, moreso back in the day, if somewhat of a bear to set up initially. Serves music, data and movies as required.
Picked it up at Wierdstuff Warehouse for a few hundred bucks back around the turn of the century.
I just made it remove enhanced features, or customer specific modifications (I mean if the deal for us to dev stuff just for a single customer, why should should we give it for free?).
It also meant that if you registered an issue and you were outside of the maintance period then deal with it or pay for my time.
Now, we did have it down on the docs that no maintenance fee, no fixie and that certain enhanced features required the extra fee (usually because they needed updates to work with new filetypes, and it's evolving document parsing features).
Never had a lawsuit, or much grumbling once they knew what they got for the extra penny's.
As for giving a stock package and breaking it after a time out... No. That's a step too far.
Anon because some would consider it still a step too far.
Depends upon the contract and the jurisdiction.
Reminds me of something at a former place of work as told to me by the colleague involved, who was hired through an agency. In his normal line of duty, he received a call from that agency with a question about why an overdue invoice for one particular agency worker (himself) wasn't payed yet. His reply: "My salary is already a bit longer overdue". "Oh sh.......".
I'd say it depends on the contract, but unless something explicit is mentioned, once you bought the licence to use a software, there is no time limitation. You will not get bug fixes if you don't take maintenance, but the software should not stop working only because you reached a certain date.
I've never left any kind of bomb in code, but when I was working on Sun workstations in the late '80s, I learned about their audio IO, and had all the nodes in the cluster play a toilet flush when they shut down. Freaked the staff right out, because every node in the office was part of the cluster. *LOL*
a bomb in the RS232 comms program I created.
The demo version had a 30 day limit on it, and it worked off system date of install vs current system date.... then threw an error message up such as "30 day limit reached"
Of course you could always reset the PC date..... only thing was if it ever showed the 30 day message it would delete the module that did the actual RS 232 comms.... good luck using it after that ..
But the guy in the story.... should have had a decent contract written up for customers to sign saying "no monthly maintence fee , no software "
Back in ye olden days at LAN parties there was one particular game that had similarly annoying consequences. If it detected the same licence code in use multiple times on the same network it would nuke them all and not work again unless fully re-installed. Quite a clever tactic really!
I hope you haven't tried that trick with any company with even a half-arsed lawyer in the last 30 years. A contractor tried that with some software specially written for a well know broadcaster I worked for. Once it ran for a few months without the need for any more bug fixes, they stopped paying "maintenance" bills. The software stopped working about 35 days later. Changing the date wouldn't make it work and reference to a backup tape showed that some important DLLs had disappeared. They sued under the recently introduced (at the time) "Computer Misuse Act 1990". Needless to say the contractor ended up having to sell his house and provide a court supervised build of the software without the date checking code embedded.
I was at college and we an a minor infection of the Form virus. I was still early days of learning computers back then and being on a computer course was fascinated by finding a live virus in the wild. I managed to get one of my floppies infected and took it home in an attempt to examine it. Managed to infect my HDD bootsector but never mind, just started booting from the 5 1/4 floppy instead.
Looking through an infected file with a hex editor I found the message it was supposed to display but never did
"The FORM-Virus sends greetings to everyone who's reading this text. FORM doesn't destroy data! Don't panic! Fuckings go to Corinne."
I changed the wording, infected a floppy and took it to college to try and spread my version with a different message. I can't remember the message. I loved my LA Kings ice hockey jacket back then so I think I put the name Kingz which I used to draw all over my books :) even if only I'd know Kingz was me.
Pointless, boring story but good to remember for me.
I've had not entirely dissimilar issues with two different sets of AV software.
Bought a new PC that came with a free year of Norton AV. That expired, I had no interest in renewing it as I was planning to use something else. I can't remember if it actually restricted anything when it expired, or just kept giving nagging annoying messages. Tried to uninstall it, but in order to access the full Norton dashboard to perform the uninstall, I had to enter a license key. Which I could only get by renewing the subscription. After a lot of googling, I discovered that there was a very unadvertised software removal tool which could be found buried somewhere on the Norton site. But the whole thing was clearly designed to deter people to the point where they just caved and renewed the description.
Can remember the full details of the second, thing it was AVG (though possibly Avast). Rescued a machine that had been dead for a year or two to see if I could use it for anything, and also to get some data off it. It was working fine, apart from bizarrely partial networking issues (I think I narrowed it down to no browser would work, but FTP or ping would). Eventually somehow discovered that the AV's response to not having been renewed was to disable as much network access as it could. Changing the system date back a couple of years to when the license was still valid magically restored full networking.
Given that software I don't want on my machine which hobbles the system is pretty much the definition of malware, I swore blind I'd never use any products from either again (which makes it all the more annoying I can't be certain who the second culprits were).
Biting the hand that feeds IT © 1998–2020