I've got a confession to make.

A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..

What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.

What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.

What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.

At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?

So I looked at our dashboard and noticed a banner mentioning scheduled maintenance set for 7:00 AM. And I thought to myself, "I never released an update, and even if I had, the maintenance would be performed 15 minutes after the build finished, not at 7:00 AM." So I emailed my coworkers, asking if they had put up the banner, no, no. I started pulling my hair out trying to figure out what caused this banner to be created. Was there some old job that was just now running? I combed through the server logs, thousands of entries later, and I found the banner was installed by some user with the IP 172.18.0.1...which was the local machine. I went through all the users on the system, running atq to see if anyone had jobs scheduled. And there was one job scheduled, under the root user. At that moment, I legit thought to myself, "have we been hacked? How is that possible?" It's wasn't! Then I looked under /var/spool/atjobs to see what the job actually was. And then I saw it. My weekly updater cron job had installed updates and had scheduled a maintenance window to reboot the system. And I smiled, realizing that my code was now sentient.

Why do devs hate windows (and all its products) so much? I mean yaa okay it is a shit os for you to get your development thingies done. Yaa I know its not open source. Yaa I know its not free. Yaa I know a lot of malwares are targetted towards windows. Yaa I know it takes decades to install updates which are released almost every week. And so on....

But wasnt windows the first operating system you laid your hands on? I mean me being a 90s born kid from India, Windows 98 was my first operating system and I was really in love with it as a teenager. MS paint was my playground and I used to go berserk over there. I mean come on. Being a teenager and knowing nothing about how a computer actually works, would you have been able to figure out how to run an NFS on linux? All the kickass presentations made in power point were so in during that time. The first code I ever wrote was in turbo C running on Windows XP. So whoever is bashing Windows and any of their products is a shit person because though Windows is not meant for developers (that too only some) it is a great operating system and I will always root for it in any forum/post where it is being bashed or criticized about. Not a Windows fan-boy (I dont known if there is even such a thing) but Windows is best for non-devs.

Hey Root, remember that super high-priority ticket that we ignored for five months before demanding you rewrite it a specific way in one day?

Yeah, the new approach we made you use broke the expected usecases, and now the page is completely useless to the support team and they're freaking out. Drop everything you're doing and go fix it! Code-complete for this release is tonight! -- This right after "impacting our business flow" while being collapsed on the fucking floor.

Jesus FUCKING christ, what the fuck is wrong with these people?

If I dropped the ball on a high-priority ticket for two weeks, I'd get fired, let alone for five fucking months.

If I was a manager and demanded a one-day rewrite I can only imagine the amount of chewing out I'd receive, especially on something high-priority.

And let's not forget product ownership: imagine if I screwed up feature planning for someone so badly I made them break a support tool in production. I'd never hear the end of it.

Fucking double standards.

And while I'm at it. Some of the code I've seen in this codebase is awful. Uncommented spaghetti, or an unreadable mess with single-letter variables, super-tightly coupled modules so updates are nearly impossible, typos in freaking constants added across sixty+ files, obviously-incorrect comments, ... . I'll have to start posting snippets to show them off. But could I get away with any of it? ha. Hell no. My code must be absolutely perfect. I hear about any and every flaw, doesn't matter how minor, and nothing can go out until everything is just so.

Hell, I even hear about flaws in other peoples' code during my code reviews. Why? Because I should have fixed it, that's why. But if I do, I get yelled at for "muddying the waters."

Just. JESUS FUCKING CHRIST.

It's like playing a shell game where no matter which shell I pick (or point to their goddamn sleeve where they're clearly hiding it), I get insulted for being so consistently useless, and god damn, how can I never find the fucking pea or follow the damned rules? I'm so terrible and this is why "nobody trusts me." Fuck you.

I'll tell you why I can't find your damned pea: IT'S RATTLING INSIDE YOUR FUCKING HEADS, you ASSHOLE FUCKING IMBECILES.

That's right: one pea among the lot of them.

goddamn I am fucking pissed off.

The only serious, as in customer affecting, bug I never git fixed was an indexing bug that caused an exception requiring manual intervention by one of us.

Despite going at it for many years I never found the root cause before I left the company.

The reason it was so difficult was that it only occurred every second month or less and with different customers.
It was also not triggering directly when the error occurred but a while later once the error had caused accumulated errors until one value got negative.

Also, it was a combination SQL, backend code and frontend js and the time from initial error until an invalid value could be hours, days or even weeks.

And we never ever managed to replicate it our self and found no common pattern between occasions.

We think it was some kind of race condition when updating the db that caused duplicate values or a hole in the index series (db transaction or db index was not an option for various reason that would require a redesign of the central tables and most if the central code).

This then grew into multiple error on consecutive updates until one f them resulted in a negative number that then caused a regex in js to fail.

Oh, $work.

Ticket: Support <shiny new feature> in <seriously dated code> to allow better “searching” (actually: generating reports, not searching)

UI: “Filter on” inputs above a dynamic JS table don’t update said table; they trigger generating a new report.

Seriously dated code: 12 years old. Rails v3-isms. Blocks access without appropriate role; role name buried in secrets configuration files. Code passes data round-trip between server/client/server/model that isn’t ever used. Has two identical reports with slightly different names, used interchangeably. Uh, I guess I’ll update both?

Reports: Heavily, heavily abstracted; zero visibility.

Shiny new feature: Some new magical abstraction layer with no documentation nor comments. Nobody in my team knows how it works. The author… won’t explain, but sent me her .ppt presentation on it (the .ppt, not a recording).

Useless specs for seriously dated code: Tests exclusively factory-generated data; not the controller, filters/lookups, UI, table data, etc.

Seriously dated code and useless spec author: the CISO.

The worst part: I’m not even surprised at any of this.

Working at a local seo sweat-shop as "whatever the lead dev does't feel like doing" guy.

Inherit their linux "server".
- Over 500 security updates
- Everything in /var/www is chmod to 777
- Everything in /var/www is owned by a random user that isn't apache
- Every single database is owned by root sql user
- Password for sudo user and mysql root user same as wifi password given to everyone at company.
- Custom spaghetti code dashboard with over 400 files in one directory, db/ api logins spread throughout these files, passwords in plain text.
- Dashboard doesn't have passwords, just usernames to login
- Dashboard database has all customer information including credit card stored in plain text
- Company wifi is shared by other businesses in the area

I suggest that I should try to fix some of these things.

Lead Developer / Tech Director : We're an SEO company, not a security company . . .

!long rant
Trying to work from home is always a pain, since we need to use company laptops (no ifs, ands or buts about it).
Yesterday I took the laptop in to check for updates that just wouldn't run while at home (my first mistake), and I couldn't get past the "Press Ctrl+Alt+Delete to login" screen, laptop keyboard didn't seem to be registering clicks, and an external keyboard wasn't either (and I forgot about the on-screen keyboard). A couple of restarts later with no further changes to the situation, the laptop then didn't get past the BIOS screen.
So I called support (my second mistake) and logged an incident.
Couple of hours later someone comes to my desk and asks about the issue, so I describe it, show them (by now the laptop was once again getting past BIOS screen), and leave them to it. Since these laptops are just used as preconfigured VPN and RDP gateways, I said it would be okay if he just wanted to reinstall the OS (my third mistake).
Several hours later, after staying late last night waiting for it to finish, I loaded my profile, installed updates, shut down, grabbed my stuff and left, without checking VPN or RDP over WiFi (my fourth mistake).
Turns out that some of the buttons on the keyboard just no longer work, but now USB keyboards do work, and I can just use OSK to login while out. I figured this would be my only issue with things, and that it was acceptable.
This morning I attempt to use the laptop, and forgot about OSK and the faulty delete button, so spent a few minutes on that. Try to connect to WiFi and find it can't connect, because of course, it doesn't remember the WiFi password, so I root around for the code in some drawer, enter it, and it works. VPN tries to connect and... get told to insert my smart card, which is already inserted, because the driver is wrong!
So I'm sitting here writing a post, not quite believing that I'm considering cancelling my plans for the day to go into the office because of a bloody driver issue now...