IT/Software career thread: Invert binary trees for dollars.
- Thread starter Traak
- Start date
TJT
Mr. Poopybutthole
- 44,153
- 115,647
I've never truly kept track its probably around 50-60 average. When I am oncall its like 80.
I've told leadership this already but their oncall alerts are complete trash. Most of them are more realistically warnings but they still demand you "validate" the warning and prove its not a bigger issue. Which just tells me its a bad "alert" as there is not really an action required to resolve it. In most cases.
- 1
TJT
Mr. Poopybutthole
- 44,153
- 115,647
Ours is an actual one. Its especially retarded because we have an actual database reliability team. They work on shifts are are available 24/7. But that is their explicit function. They do not have a development workload on top of that. We even have to deal with that gay jira alert app.
I am a developer in data infrastructure. The only actually important thing that I have to resolve with any of our alerts are client data issues. Mostly related to timing issues that are not my fault but because of how convoluted our ETL/ELT is you need to correct it in like 10 places to fix it even if something as simple as a timing window is missed.
I am a developer in data infrastructure. The only actually important thing that I have to resolve with any of our alerts are client data issues. Mostly related to timing issues that are not my fault but because of how convoluted our ETL/ELT is you need to correct it in like 10 places to fix it even if something as simple as a timing window is missed.
Khane
Got something right about marriage
- 20,909
- 14,736
Operations is one of those "jobs" that is relatively new and only exists out of necessity due to regulations like Sarbanes-Oxley forcing companies to remove developer access to production environments. Developers find operations staff "annoying" because they mostly don't understand software or SDLC and just push buttons created for them by us developers while they also try to act like they are our boss.
TJT
Mr. Poopybutthole
- 44,153
- 115,647
That's our Cloud Operations people.
Normally I could spin up just about anything in Azure I felt like trying out and remove it later. They locked all of that down last year so I have to go beg them to let me have an Azure Function App to mess with or any other feature on the platform. Its so annoying I don't even bother. It's legitimately faster to just do a total DIY solution and host it on Kubernetes/Rancher and be done with it. That is how retarded that team is.
Explaining how I can use something retarded like a Azure Function App (AWS Lambda equivalent) or a Logic App to a retard who has no idea what use they have is... tiring.
Normally I could spin up just about anything in Azure I felt like trying out and remove it later. They locked all of that down last year so I have to go beg them to let me have an Azure Function App to mess with or any other feature on the platform. Its so annoying I don't even bother. It's legitimately faster to just do a total DIY solution and host it on Kubernetes/Rancher and be done with it. That is how retarded that team is.
Explaining how I can use something retarded like a Azure Function App (AWS Lambda equivalent) or a Logic App to a retard who has no idea what use they have is... tiring.
Security is necessary, but it goddamn sucks. I can't count how many hoops I've had to jump through because of security. Gawd.
Noodleface
A Mod Real Quick
- 38,655
- 16,719
Be a shame if you had to use beyond trust. I call it Beyond trash and the people that on boarded that were pissed.
What an absolute dog shit software
What an absolute dog shit software
- 2,782
- 4,495
I have been on both side of the fence, and let me tell you: If you have good developers they understand the inherent responsibility they have, including the dangers that come with that. They also have proper production and testing environments, strict separation, and do proper deployment. Also, documentation.
I also have seen "rockstar" developers setting up their own GitLab instance on Azure, host their own code there and not lock up sign-ups. Which lead to gigabytes of code being .. well, you can't even call it stolen, because people could sign up for an account to it on the front door. This included secret keys and certificates that shouldn't have been there in the first place.
So, yeah: There are retards on both sides of the fence, but the basic idea of two pairs of eyes on a deployment is sound. We just have to find a way to do it without annoying everyone.
- 2
TJT
Mr. Poopybutthole
- 44,153
- 115,647
In today's episode of Rapid Pajeetification my wife's direct manager (director level) decided to pull all production access from the team. Her team is the "core team" of FTE for the company that have developed the internal system this part of the org manages. In house software that runs their manufacturing machinery.
Now, this part shocked me but guess who they instead gave production access to? The third party Indian contractors who know nothing about the system really and had no part in designing it over the past 8 or so years!
Like what is the goal of doing this? Even if you're a totally self serving Indian trying to pajeetify the company I don't see the advantage of doing this.
Now, this part shocked me but guess who they instead gave production access to? The third party Indian contractors who know nothing about the system really and had no part in designing it over the past 8 or so years!
Like what is the goal of doing this? Even if you're a totally self serving Indian trying to pajeetify the company I don't see the advantage of doing this.
- 7,747
- 12,442
TJT
Mr. Poopybutthole
- 44,153
- 115,647
Realistically you do indeed want security focused engineers in the process.
TomServo
having CICD with security gates is appealing to me. As this is the least disruptive way to do it.The problem I see here is that you need non-retards to do that part. The afterthought pen test retards can't do this. No way they can just read the code and see the security issues directly or properly diagnose those issues within the limited dev environment. The same person capable of that is someone who is already developing whatever it is. This similar to the SDET problem (as I call it).
It is quite ideal to have SDETs on your very dev team. But many places don't have them due to cost. The same is true for skilled and expensive developers who specialize in security.
Phazael
Confirmed Beta Shitlord, Fat Bastard
- 15,047
- 32,868
What Khane said pretty much. Their goal is to just get as many Poos in the door as they can no matter what. The idea is if they can convince other upper management types that the complete ineptitude of the Poos is offset by their lower cost. Meanwhile the whities he is pushing out will be tasked with training the replacements as well as having all the blame dumped on them for shit completely out of their control. This is precisely how they invade most companies, without a care for the quality of the work just get more cheap poos in the door. The director guy does not care if he gets canned or caught doing it because he will be golden parachuted to start the Poo-ification at a new job who will hire him because he "has experience and saved labor costs" and by the time the current company realizes whats going on the Poos will be too entrenched to be gotten rid of shot of a buyout or complete collapse of the company. Its actually on the level with any of the shit China is pulling in terms of being a national security threat, imo, because its destroying our infrastructure AND economy at the same time. All one has to do is look at both Canada and Silicon Valley to see where this shit covered road leads.
- 7,747
- 12,442
So we use stuff like Snyk for secrets in code, dependabot for vuln in code and updating it. it takes legit rockstar devs who like security and you pay them enough to do it. ill be honest it is slow as fuck because we keep alot of security gates in monitor mode not to fuck with our devs to much. we did build a pretty legit AI development and general user guardrails tool that allows you to use it free of worrying about exposing code, secrets or anything. we prechoose what LLMs and tools we want to add to it.Realistically you do indeed want security focused engineers in the process.
The problem I see here is that you need non-retards to do that part. The afterthought pen test retards can't do this. No way they can just read the code and see the security issues directly or properly diagnose those issues within the limited dev environment. The same person capable of that is someone who is already developing whatever it is. This similar to the SDET problem (as I call it).
It is quite ideal to have SDETs on your very dev team. But many places don't have them due to cost. The same is true for skilled and expensive developers who specialize in security.
i could go on. but end state is to make the process invisible.
- 1