I’ll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button, and it reaches out to a database and pulls all the data that matches those parameters. The horrors of this were:

  1. The queries were hard coded.

  2. They were stored in a configuration file, in XML format.

  3. The queries were not 1 entry. It was 4: a start, the part between start date and end date, the part between end date and system, and then the end part. All of these were then concatenated in the program, intermixed with variables.

  4. This was then sent to the server as pure SQL, no ORM.

  5. Here’s my favorite part. You obviously don’t want anyone modifying the configuration file, so they encrypted it. Now I know what you’re thinking: at some point you probably will need to modify or add to the configuration, so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt, but there were no visible buttons to access those functions. The program was written in WinForms. You had to open the program in Visual Studio, manually expand the size of the window (locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save the file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.
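The four-fragment concatenation pattern described above, beside a parameterized version of the same report query, as an added illustration that is not code from the post or from the company it describes; the table layout, column names and fragment strings are constructed for the demo.

```python
import sqlite3

# Constructed stand-ins for the four fragments the post says lived in the
# encrypted XML config; the program glued the user's values between them.
FRAGMENTS = {
    "start": "SELECT ts, system, value FROM readings WHERE ts >= '",
    "between_dates": "' AND ts <= '",
    "between_date_and_system": "' AND system = '",
    "end": "' ORDER BY ts",
}


def build_report_query_concat(start: str, end: str, system: str) -> str:
    """The pattern from the post: fragments concatenated around raw input."""
    return (FRAGMENTS["start"] + start
            + FRAGMENTS["between_dates"] + end
            + FRAGMENTS["between_date_and_system"] + system
            + FRAGMENTS["end"])


# Hardened form: same shape, but values travel as bound parameters, so the
# database engine never parses them as SQL.
SAFE_QUERY = ("SELECT ts, system, value FROM readings "
              "WHERE ts >= ? AND ts <= ? AND system = ? ORDER BY ts")


def report_param(conn, start: str, end: str, system: str):
    return conn.execute(SAFE_QUERY, (start, end, system)).fetchall()


def compare(conn, start: str, end: str, system: str):
    """Run both variants; returns (param_rows, concat_rows_or_error_name)."""
    param_rows = report_param(conn, start, end, system)
    try:
        concat_rows = conn.execute(
            build_report_query_concat(start, end, system)).fetchall()
    except sqlite3.OperationalError as exc:  # the raw string no longer parses
        concat_rows = type(exc).__name__
    return param_rows, concat_rows


def make_db():
    """Constructed sample data: a few readings for two systems."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE readings (ts TEXT, system TEXT, value REAL)")
    conn.executemany("INSERT INTO readings VALUES (?,?,?)", [
        ("2024-01-02", "boiler", 1.5), ("2024-01-05", "boiler", 2.0),
        ("2024-01-03", "chiller", 9.0), ("2024-02-01", "boiler", 3.0),
    ])
    return conn
```

With an ordinary system name both variants return the same rows; a system name containing an apostrophe makes the concatenated query a syntax error, while the parameterized query simply treats it as a value that matches nothing.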

  • softkitteh@lemmy.blahaj.zone · 9 upvotes · 6 hours ago

    Oh boy, this one was a doozy…

    Was working at a very big company named after a rainforest on smart home products with integrations for a certain home assistant…

    New feature was being built that integrates the aforementioned home assistant with customer’s printers so they can ask the assistant to print stuff for them.

    The initial design lands from our partner team with a Java backend service fairly nicely integrated with some CUPS libraries for generating the final document to be sent to the customer’s printer. All good.

    They are about to launch when… uh oh… the legal team notices an AGPL licensed package in one of the CUPS library’s dependencies that was absolutely required for the document format needed by the project and the launch is cancelled.

    So the team goes off in a panic looking for alternatives to this library and can’t find any replacements. After a month or two they come back with their solution…

    Instead of converting the document directly in the backend service with the linked CUPS library (as AGPL is a “forbidden license” at this company) the backend uploads the initial document to an S3 bucket, then builds a CUPS document conversion bash shell script using some random Java library, the shell script is then sent (raw) to a random blank AWS host that comes prepackaged with CUPS binaries installed (these hosts were not automated with CI/CD / auto updates as was usually mandated by company practice because updating them might remove the CUPS binaries, so they required a ton of manual maintenance over the service’s lifetime…), the bash shell script is then executed on that “clean” host, downloading the document from S3, converting it via the CUPS command line binary, then reuploading it to another S3 bucket where the Java backend picks it up and continues the process of working the document through the whole backend pipeline of various services until it got to the customer’s printer.

    This seemed to satisfy the legal team at the very least, and I have no doubt is probably still in production today…

    The kicker though? After all those months of dev work from a whole team (likely all on 6 figure salaries), and all the time spent by various engineers including myself on maintenance and upkeep on that solution after it was transferred to us?

    An alternative, completely unrestricted corporate license was available for the package in question for about $100 per year so long as you negotiated it with the maintainers.

    But that was a completely unacceptable and avoidable cost according to upper management…

    • vrek@programming.dev (OP) · 3 upvotes · 6 hours ago

      Wait, 100 per year total or 100 per seat per year? If it’s per seat I can understand, if it’s total wtf…

      • softkitteh@lemmy.blahaj.zone · 5 upvotes · 5 hours ago

        $100 total, per year… as a FOSS enthusiast, it made me very angry that such a rich company was so petty over such a small cost for a product that raked in multiple millions of dollars per year 😾

        • vrek@programming.dev (OP) · 4 upvotes · 5 hours ago

          Yeah, that’s fucked up. From two perspectives: 1. Whoever wrote that library needs money to survive. 2. From the company point of view they wasted WAY more money on the development than the license. Hell, if 1 developer spent a day to do it, they paid more than they would for the license.

          • NotMyOldRedditName@lemmy.world · 3 upvotes · edited · 52 minutes ago

            The first time something goes wrong with that complicated setup, it probably pays for a decade, half a century or more of its fee.