Pun intended. (cf Duran Duran)
Have you been so sick, you just think you are gonna die?
Have you been checking with dozens of physicians who tell you that you have nothing and it is all in your head?
It has been my routine every winter for the last 30 years.
It used to not matter: I always conveniently chose a room far away in any place so that my cough would bother no one.
But now I have to face my angry spouse that really would like me to stay alive and raise our kid, and we have been living in tight spaces since we met...
Funny how small problems of 3D geometry can matter.
So basically: I cannot sleep at night, unless I accept to drown in a weird foam coming from my inside, wait 5 hours of zen acceptance of being between sleep and fucking vital reflexes waking me up because I literally drown in my own water and asthma gets triggered while my body also tries to put me to sleep to recover. Dreaming of drowning and yet being physically drowning in your own perspiration? Yummy!
Funny fact: unless you ask me now (the morning after), I have no memory of it. Just like pregnant women cannot remember what was their pain during the labour.
And during these nights I live the dreadful perspective of dying.
This morning I have a cheerful song into my brain when it comes to the melody (a New Orleans kind of tune) from everlast: when I was a very young boy, [my cough] told me we're all gonna die. (in the original lyrics it is mama not my cough)
For years, doctors, shamans, and all kinds of nicely knowing persons have given me their best at trying to heal me: but I suffer from nothing.
And at the end, I am either denied to suffer, or told it is God's way to tell me I am a bad person...
If I talk about it: I am a weirdo. If I say all kind of medicines are failing I am a liar. Because everybody knows that they are right in their beliefs.
So in order to have a social life I must forget the feeling of drowning in my sleep. Of feeling I am gonna die. And every morning, however much my body is telling me my lungs, my heart, my sanity are damaged, I reconstruct a socially acceptable normal self: one that does not suffer, and like everybody else doesn't remember he will die. And go back to work or pass exams.
But there is a side effect of suffering huge amount of pain. You have a short amount of morning clarity the morning after...
One that tells you something important: today I AM ALIVE AND KICKING (and feeling like a fucking vulnerable weak shit (cough, ouch, cough)).
For some days (usually no more than 3) your priorities are re-based on one thing: you have one and only one life.
Only one that matters, and all the social limits put on your brain kind of falter.
It is like the smoke screen that basically is our socially based education gets partially torn, and you are having a wake up call.
But why do conflicts always appear on these mornings after at my jobs, I always wonder? Why does my accepted obedience to society get in the way of my will to live as I wish?
Actually, what do I wish?
For one thing, knowing that I am gonna die, I used to drown myself in technical stuff that requires so much focus that it diverts me from thinking of it too much. But also, excelling at doing gives me a sense of internal peace and fulfilment. Totally crazy batshit crazy thinking. But I discovered it worked.
I love to do stuff, because it helps me squash away my fears, and I am all the more relieved that it is done the more correctly I can. The pleasure of some well done work. I am all the more attached to trying to do my code correctly that I know I am a temporary being on this earth.
And writing good piece of intellectual work is hard. So hard, I don't like most of my code, but I stubbornly try to make it better, or at least as good as I know it can be done. And I make mistakes ... a lot of them. From which I learn.
Because of this, my getting fired day often happens after these kind of existential wake up: I love to do stuff correctly because that helps me feel alive. And I like facts.
On reddit and hackernews I often get downvoted for being savage as fuck. But, the true story is truth is always savage.
Authority and status do not like being questioned. And there is no way in political context, Truth can be told.
More than once, even though my skill in security expertise is low, I did spot obvious security holes. My expertise comes from the fact that these mistakes are often mistakes I made myself and recognize.
Let's begin the story telling
A level III engineer (I was a probationary level I) really hated that in a code review I spotted an SQL injection: he was using an ORM, it was therefore impossible there was an injection ... unless he was building the query as a string and then sending it raw for execution... an argument he always discarded as false (fallacious behaviour) and as a threat to his authority. I told him that we all make mistakes, but apparently, since he has always been coding this way it could not be possible (else the solution would be flawed to the core).
So he left me to be dealt with by higher levels of management that asked me to do a mission on a critical payment & authentication system, but without the documentation.
So, I had to reverse engineer the tool from 3 functions calls and a proxy web server.
It was a JWT-based solution. And I spotted that the very expensive auth system was failing 40% of the time. I thought that I must be stupid or the emperor was naked. Long story short, feedback from production was telling me the emperor was naked. Everybody knew but nobody would tell it because they used the wrath of the managerial authority, with convocation to the higher managers, to shut you down and give you a blame. Security obfuscation by retaliation.
Technical detail: I found by frequency analysis I was dealing with a base64 string, I decoded it, I found keywords, googled them and found an RFC. Then, I read it.
Basically the «secured» solution that was given as a token over HTTP GET method was a base64 encoded string whereas the RFC mentioned it should be a urlsafe base64 encoding... It made sense. But the devs, instead of using an external dependency to have more control, rolled their own crypto.
In a company that is so big, with so much turnover, so proud of hiring so many ninja coders, thousands of experts have been hitting this bug for YEARS.
So, how do life and death concerns in the morning affect a stupid technical problem? When you have a wife and life matters more than a stupid problem of a dysfunctional hierarchy that has an ego problem, thinking of the relativity of coding compared to having a happy life should matter the most, no?
All my friends always told me to use my smart brain to do what everybody does: shut my mouth.
Me, after a bout of cough, my brain becomes stupid: I filled in a security bug and a functional bug report describing, with a sample of code, how to reproduce the problem, the mathematical calculus to compute the frequency of failure; I used side channels to have figures to compare with the observed production rates of failure that were matching the analysis of the reason why it happened and how to fix it.
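The bug class described above (a standard base64 token carried in an HTTP GET query string where the RFC calls for the URL-safe alphabet) and the kind of failure-frequency estimate mentioned in the report can be reproduced in a few lines. This is an added example, not the code from the author's bug report or from the company's system; the host name, the `token` parameter name and the assumption that the breakage comes from `+` being decoded as a space by form-style query parsing are all illustrative, and it does not attempt to reproduce the 40% figure.

```python
import base64
import binascii
import random
from urllib.parse import parse_qs, urlsplit


def b64_std(raw: bytes) -> str:
    """Standard alphabet (A-Z a-z 0-9 + /), what the page says the system emitted."""
    return base64.b64encode(raw).decode("ascii")


def b64_url(raw: bytes) -> str:
    """URL-safe alphabet (- and _ instead of + and /), unpadded as in RFC 7515."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_std(text: str) -> bytes:
    return base64.b64decode(text, validate=True)


def decode_url(text: str) -> bytes:
    padded = text + "=" * (-len(text) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)


def via_get_query(token: str) -> str:
    """Send the token as a raw query parameter and parse it like a web framework.

    Hypothetical endpoint; the token is deliberately NOT percent-encoded,
    which is the mistake being illustrated.
    """
    url = "https://sso.example.invalid/callback?token=" + token
    params = parse_qs(urlsplit(url).query)  # form rules: '+' means space
    return params.get("token", [""])[0]


def survives(raw: bytes, encode, decode) -> bool:
    """True if the receiver recovers exactly the bytes the sender encoded."""
    try:
        return decode(via_get_query(encode(raw))) == raw
    except (binascii.Error, ValueError):
        return False


def analytic_failure_rate(n_chars: int) -> float:
    """P(at least one '+') when each of n_chars symbols is uniform over 64 values."""
    return 1.0 - (63.0 / 64.0) ** n_chars


def measured_failure_rate(n_bytes: int, trials: int = 10000, seed: int = 1) -> float:
    """Monte Carlo check over constructed random payloads (e.g. a MAC or signature)."""
    rng = random.Random(seed)
    failures = 0
    for _ in range(trials):
        raw = bytes(rng.getrandbits(8) for _ in range(n_bytes))
        if not survives(raw, b64_std, decode_std):
            failures += 1
    return failures / trials


if __name__ == "__main__":
    sample = b"\xfb\xef\xbe"  # constructed: encodes to "++++" in the standard alphabet
    print("standard:", b64_std(sample), "->", repr(via_get_query(b64_std(sample))))
    print("url-safe:", b64_url(sample), "->", repr(via_get_query(b64_url(sample))))
    n_bytes = 33  # multiple of 3, so 44 symbols and no padding: the formula is exact
    print("analytic:", round(analytic_failure_rate(44), 4))
    print("measured:", round(measured_failure_rate(n_bytes), 4))
```

The failure rate depends only on how many high-entropy base64 symbols the token carries, which is why a bug like this shows up as a stable percentage in production rather than as a rare glitch.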
48 hours later I was shamefully brought to my desk by a security agent in front of all the coworkers to fill all my belongings in a box.
Years later, this bug is certainly still in production and affects millions of users and has huge costs for the company. But, when I am telling the name of the company everyone tells me they should be proud of their products and I was dead wrong.
So, my conclusion on this episode is: security by pressure, aka the naked emperor syndrome, is real.
I will succinctly multiply the examples but let me tell you, it happened to me a lot. I more than once had a security engineer on vacation while needing secured access to work.
Once I used an exploit in a linux perf counter to get root access ... that I reported when he came back. Needless to say I was not thanked for reporting that ALL the linux servers had been vulnerable for 6 months. (Same perfect company some of my respected security expert friends give their credentials to).
Another time, I had to play with a jar (as if I ever coded in java) to read a library and guess that a «secured payment system» from Orange telecom was in fact based on the repetition of an XOR on a fixed string, with white space padding, with fixed data... Well, I «cracked» the password because else the company would not have been able to process the payment. I had to fill in my box one week later. The buy in one click feature from ISP is the one I oddly never use.
Another time I just told a CTO you cannot make an exact 100 top ranking by merging 10 top rankings on 10 shards. (Distribution matters). I was told, math lie.
And that well, there was also quite a few SQL injections somewhere else ... for which I was told the ORM magically protect mantra ....
My hazed brain does it every time I wake up having the feeling I nearly died from my coughing in the night. I forget about social context. I am just bluntly honest about my work. Because that is my life saver.
Every time, when I get back to work my brain switches off the social limiters and when something needs to be done or said because it seems the obvious stuff to do to go on and jump to a new thrilling adventure my brain tells me: Oh! everybody is like you! We all know we are weak, make mistakes and how can reporting a factual technical simple problem having a fix that is ready backfires?
Every time, I decide to take the bull by the horns and say, look we have a problem that can be fixed.
Truth is, the problem is often already fixed by layers of duct taping programming that hold the solution afloat, and a lot of jobs rely on this duct taping. We sell dreams not facts. We want stuff to look as if it is working, we don't actually need it to be correct (except if it is in a nuclear plant or for a pacemaker, or for an autopilot?)
But being alive is not being a coward that does what has to be done to protect your social position.
Being alive is liking who you are. And if you define yourself by your love in what you do, then if being true to your own self is trying to make things work, then it is what has to be tried. You have only one fucking life!
And believe me: there is no way human beings do not take it personally when they made a mistake and you spot it, it is just that when it is made by the upper management they will fire you. If it is an intern, he will just resent you in your back except if they are some of my precious padawans I am proud of having enlightened.
And now, I don't even remember that I had the feeling I died tonight. Focusing on these petty technical problems makes me forget all about this. The feeling of my own pain and agony is gone, and even though I put my social status at risk, I feel at peace with my own self doing the stuff in the way I think maybe correct.
My brutal honesty gets me fired, it gets me blocked at human resources interviews, and right now I live with the social minimum in a dire economic situation. But, fuck, honesty and living as yourself 24 hours a day is wonderful.
People see me as savage as an angry honey badger. I prefer to say I will not bow. My pride as a human is as vast as the eternity of void that you can expect after your own death.
Life is too short to live life as a full scale role playing game. Be yourself, and love who you are, and what you do, even if it hurts a tad. It will never hurt as much as wondering on your death bed why you messed up your only chance to live according to your own self.
And after smoking, my body fluids finally leave my lungs, giving me my much appreciated certainty that tonight the problem will be fixed... and I dare not tell anyone that my cough was worse when I stopped smoking. Because ... everybody knows, like Adolf H knew and all the other hygienists, that there is no way tobacco can help... Yes it does, as much as smoking weed, but I cannot: it is illegal.
Fuck my life on this, and please if nothing can heal me and legal medicine has given up on me, let me have access to the devil's lettuce that at least can ease my pain. Let me suffer less. Pain is not FUN!
The coders' ethics is plain bullshit
Oh! Coders are taking a virtuous stake in being ethical:
- major US IT actors such as google, FB, twitter will not code a database of muslims and encourage developers to sign a chart about it;
- a ban on killer bots (drones excluded) is proposed;
- the IT industry (that reduces your choices while searching the web) are agreeing to show you «better choices»...
Well, it is a smoke screen, most of our activities are non ethical in terms of everything we pretend to be...
What IT means ? Information technology.
How do we define Information? As the number of relevant choices proposed to any requests over the whole possible choices.
Our job is very often to limit often by idiocy sometimes by following orders without critical thinking your access to information.
I have already treated poorly the bubble of reality that search algorithm makes. And I think the topic is boring. So, I will prefer real life examples of stuff I did as either a freelance or a job.
Pure illegal activities
I have been a contractor, and for years I have been working for the media industry. I have taken part in violating the law to keep my job under peer pressure to keep the activity running.
IP theft/plagiarism is probably the most common activity I have taken part in my career as a coder, because I am free software specialist.
I mostly have taken part honestly in stealing myself, though.
Let's take this wonderful multihead solution based on linux that I helped building when I was young. You may have seen it working. It was based on linux, but the hardware description said it was based on a GPU that was never supported by linux. How can?
Well I coded the driver. My boss was a FSF free-douche, the kind that would bend the truth to oversell free software and its «intrinsic virtue» for the democracy, security & al. He said, we don't release the code:
- license just means that it should be available to those who ask (and we never hinted customers about their rights);
- the (cooperative) company owns the code anyway, so it is not you to decide how to use it.
I have also one time been mandated to code a spamming solution.. oops an efficient marketing tool, or to set them up.
Actually it was pretty okay in the opt-out part.
But every time I was forced to let customers input their emails by batches from fishy origins without control. When I said, maybe we could check if these lists are legitimate or let people report that it was no optin, I was cock blocked.
I have even been asked to try to protect a spammer and asked to fight spamhaus while working for an ISP.
I have taken part in fighting laws I totally support. Sometimes.
I have been talking a lot to my colleagues, and friends about this crossing the red line ; mainly the answer was : we all do this, because it has to be done and else we will have no jobs.
Grey activities most of the time : tricking people
I have also been taking part in activities that are about not committing crimes directly, but much more taking advantage of people by hiding information about important contractual part.
How much a free farting application costs on a mobile phone? Well, according to most it is free. But what if in small printing it is written that if you don't explicitly resiliate the free subscription it will be a tacit infinite reconduction of a .70€/month bill that no one notices? Your farting application can cost you 19€.
How can you be proud of manipulating the OS of a smartphone to make people send overtaxed SMS sneakily and then erase them from the list of the SMS?
While working for the advertisement industry I have been on numerous occasions working on deceptive (but with small prints still) websites for games and cooking recipes which were total clickbait in order to collect personal information. It is not illegal if the information is there? But where?
I have tracked you with zombie/everlasting cookies. Pop-under, pop-over have no secrets for me, I have been altering the content of information web sites to the point I was potentially able to alter the news websites' information. The googleAds and co are fucking security holes. I could have put a financially fake news in order to manipulate the market if I were truly evil. But, as numerous coders I never talk about publicly (like on a blog) it because :
- I would have been blacklisted;
- the industry losing trust would mean the job disappearing.
I have been überized before it was cool
How do you call a worker with multiple customers but in fact has one and only one intermediary actor in the middle?
Well, an überized worker.
Like a driver, a coursier, a pseudo construction worker ...
How do you call this when your job is to be hired to do the job in a company that have the ability to do so for less?
You call this a yellow stupid überized.
Well, like every one else being jobless I was proposed it as the only way to have a job; I however know that in doing so I broke numerous work and contract laws. Well, choosing between living in misery or in integrity is quite a choice I did not have.
Big brother activities
You know the gun makers excuse ? It is not me who makes dangerous tools, it is those who pulls the trigger who are the dangers.
One of my specialties is log extraction and analytics. I have been building numerous tools that given in the wrong hands would result in mass surveillance. But for my defense, this is a routine activity we do. Oddly we always log the users, even intermediates, even eventually the one doing the queries, but never report to the lower levels the fact they have been targeted by the query. Ooops, costs too much and not a desired feature.
I have taken part in supervising activities of workers that violates international conventions on legal length of workdays, what is an acceptable in terms of lunch/rest/toilets pause ....
Well, you know, I have not been alone, we were all involved in the technical, marketing and financial department of the company. My work has been by a lot of standards a slow slippery of concerns.
I am a good sheep. In fact, I have been considered a pain in the ass for calling some a tool big brother and for asking my CTO, who is pro privacy/cryptography/freedom, if he had no problem with his inconsistent moral stance in public in regard to what he was actually doing?
I guessed that may explain why he threatened to beat me one day and threw me an object at my face in the open space and then went on firing me immediately.
Breaking the working contract
You know in the big brother activities are funny. I can totally measure your work activities when you login, logout, call your mail client.... and you know for what I have sampled mentally of these logs, people are always working more than advocated.
On the other hand, application coded by fellow coders tends to forbid to input more hours than actually made. All the «timesheet» applications aka digital punch clock I have used required a manager authorization to enter the extra work hours.
It is funny how we can measure stuff accurately when we want.
50 - 70 hours per week paid 35 in my industry are totally legitimate, and there is no evidence of the opposite, because, well, lol, our tools may be a tad biased.
Have you tried to be ethical?
Ethical? I don't understand this word, but let's say I do since I came back from Canada.
Results: I parse 900 work announces per week, answer to at most 3, go to numerous interviews and do not hide my intent of living by the laws and contracts.
So far, the only job for which I have been accepted had been mover (driver/riper) and it was a great personal experience.
Well, it is good news. I don't have to live in fear or give up : I can still find a job.
Most of my friends say my attitude towards IT is suicidal, I do think the opposite: the IT industry is suicidal, and I am no lemming.
E-commerce is based on trust: lose the trust of your customers and you lose your business. And maybe so far you have not lost a lot of customers yet but me. I know enough of the landscape of IT to distrust most of the so called disruption coming. The IT market nowadays is basically a gigantic scam based on promising a gold rush on some technologies that you sell. The ones who made money from the gold rush were not the miners, but the shovel sellers. This is what IT is: scammers selling you shovels to scam other people.
And to conclude, my experience at trying to raise ethical issues in my numerous pro life in IT is that it results in you being fired.
The actual fuss about let's be ethical is just a clever marketing trick as long as workers are not recognized the right to oppose more than questionable/illegal activities. And, we are not. The only ethic we are authorized is the one of those who pay.
And I may be special, I decided to live by my own standards and I don't fear to be sacked, threatened, physically beaten, living in misery once again.
And, that is my choice, not an ethical one: a selfish one, I love to look at myself in the mirror and be a tad proud of who I am unlike the vast majority of my colleagues who have been involved in all these stories.
Do whatever you want, but everything made by peer pressure and publicity is not ethic, it is just marketing or just buying the indulgence of the crowd for the shit you made as a catholic buying his indulgence to the Catholic church in the middle age.
Ethical coders, I do not belong to this movement and I despise it. The vast majority of my profession love moral stances and doing the opposite of what they advocate when you can't see.