A colleague of mine had to debug performance problems in a foreign, proprietary application that is ancient.

To be crystal clear: Only reason that thing exists is because some old geezers fear change.

Asked me for help cause it's an _ancient_ MS SQL server that is luckily running on hardware owned by us.

Finding the credentials was already a funny task.

We had to access the vault (not joking here, we have a physical vault for storing sensitive data and critical backups), grab a folder and find the necessary data cause no one ever dares to touch that thing.

The application is btw for a sort of ERP / inventory system that is used in some ancient shops not yet migrated...

Yeah. Story speaks for itself.

Anyway, after dusting off ourselves, we were able to connect.

Was a bit ... Interesting. Everything's in german. The worst kind of german.

After looking at the first tables, I started giggling.

My colleague knew immediately that this was a sign of danger (insert Simpson meme here), raised his eyebrows and asked "How bad is it....".

Me, still giggling, "lemme take a further look, this is gold".

*long sigh from the colleague*

Well... It ended with me putting my hands in front of my eyes, turning around and saying: "I cannot look at it anymore, it hurts too much...."

To summarize:
- German table names
- When a table exceeded 300 plus columns, they added another table with the same plus suffix "_ddd"… where ddd is an zero filled integer sequence like 001
- To join this mess, they created views... Named "generator" - Sequence Number ... Some had the beginning of table names appended, which doesn't make it less confusing.
- the process list was listing queries running longer than 5 mins.

Which isn't at all surprising when generating carrtesian products of N tables with left join.

I've seen shit.... I've seen a lot of shit.

But that shit scared me.

I wish that my previous company gets investigated. They probably got more violations if they are investigated. Here are a few examples:

The company is in the telecom business and they wanted to create AI summaries of their phone calls. So they used real private calls of their clients as test data without their knowledge & consent.

The CEO also made fun of someone handwritten CV on LinkedIn. Sure, he blurred out the obvious data but shit like certificates, past history & rough location was still present. It was not be hard to find who it was.

The 2FA of some IT services was still on the ex-CTOs private phone (now he is a consultant 1x a week)

One of their engineers moved back to Russia and has access to sensitive data. (aka call recording of insurances, banking, fire departments, ...)

Offering users to write a public review of the company for a discount if the review is positive. The "paid review" is not mentioned.

The reviews of their new feature are done by 'external' people but they all benefit from the companies success. The review is written from their own company but it was written by the external design company (CEOs wife under her own company), marketing consultant (under his own company).

They did fire an employee illegally (as in did not follow the legal procedures, the new COO thought she was a consultant, she was in fact not so she had more protections)

They did fire an employee for untrue reasons and waiting till he was on holiday & abroad (dick move but legal I think)

They did spy through the security cameras and made up a reason to fire someone. Company offered free soda during that time, employee did not like the offered soda and filled it with a diet-variant on their own dime. He then took his own bought diet-soda back home (not all) and got fired for stealing. (or idk, it might have been ice tea or fanta)

They did not report that an employee sold company data but he was let go.

They run cookies on their website but has no clause for cookie-consent.

Their features that they are promoting & selling is not working like expected

They lie about their server uptime or heavily manipulate it.

They sell a feature that is no longer supported and broke a few updates ago.

They are offering a product as a fix that is simply not longer supported by the development team

They have fired consultants and then refuse to pay their last month salary or only pays it partially. Happened as far as i know, 4 times (no proof).

Everyone had access to the full password vault including the login credentials for business routers and the credit card info of the CEO, CFO, CTO. It took me multiple times to report it to the IT admin for mine to be restricted.

Every new dev has access to production data within a few weeks or direct database access

Any person who has access to the admin-portal can spoof phonenumbers in a few clicks.

A colleague is blacklisted at the police portal for past crimes where they have to fulfil police orders. He did them pretending to be a different employee who was approved. Also, they do not keep track of the data needed to fill in the yearly report (idk why the company has to them but the police does not do it).

They forgot to implement a warning (legally needed) before someone hits their data limit. those people cannot be billed. Someone was watching 4k movies in Signapore and costed the company tens of thousands of Euro.

If I think of more, I'll add it comments lol

Not sure if it should be a joke or a rant, but something rather funny (at least to me) happened today.

TL;DR; Someone's outlook was crippled by 100k+ of warning notifications

So we have developed a server that has an internal database that wraps around an elastic search instance, that is managed by a POS vault/storage solution, that we have to use for legal reasons. The elastic search is "provided" by the software, but we keep this internal database just to be sure and totally not because it's unreliable POS.

Anyways, they take data integrity very seriously, so every warning our server produces is emailed to someone in charge to review it and if necessary forward it to us. This will be important later on.

Couple of days ago we got error forward when trying to write an entry into the POS software we get an error, because an object we tried to write already existed. After some investigation we concluded an entry was missing when the internal database was created, so we asked them to repopulate elastic search to solve this problem.

When start the server we always sync the internal database to the elastic search and emit a warning when an entry is missing in internal database or vice versa. And well... almost all of them were missing, which caused our server to emit ~40 warnings/ms. Poor outlook. Still investigating for the cause, but damn, I never expected I'd take down someone email account by accident

Is there any note taking, or password vault app which can work offline, cross platform, sync data with online storage services, like Dropbox, Google drive etc., and do encryption?

What was interesting was 70% of the Data Vault training was something I do already. The other 30% was either a good idea or overkill. However now that it has been adopted by the team, I guess everyone will have to code that way.