Pun intended. (cf Duran Duran)
Have you been so sick, you just think you are gonna die?
Have you been checking with dozens of physicians who tell you that you have nothing and it is all in your head?
It has been my routine every winter for the last 30 years.
It used not to matter: I always conveniently chose a room far away in any place so that my cough would bother no one.
But now I have to face my angry spouse who really would like me to stay alive and raise our kid, and we have been living in tight spaces since we met...
Funny how small problems of 3D geometry can matter.
So basically: I cannot sleep at night, unless I accept drowning in a weird foam coming from my insides and wait through 5 hours of zen acceptance of being between sleep and fucking vital reflexes waking me up because I literally drown in my own water and asthma gets triggered while my body also tries to put me to sleep to recover. Dreaming of drowning and yet being physically drowning in your own perspiration? Yummy!
Funny fact: unless you ask me now (the morning after), I have no memory of it. Just like pregnant women cannot remember what their pain was during labour.
And during these nights I live the dreadful perspective of dying.
This morning I have a song in my brain that is cheerful when it comes to the melody (a New Orleans kind of tune), from Everlast: when I was a very young boy, [my cough] told me we're all gonna die. (In the original lyrics it is mama, not my cough.)
For years, doctors, shamans, and all kinds of nicely knowing persons have given me their best at trying to heal me: but I suffer from nothing.
And at the end, I am either denied to suffer, or told it is God's way to tell me I am a bad person...
If I talk about it: I am a weirdo. If I say all kinds of medicines are failing, I am a liar. Because everybody knows that they are right in their beliefs.
So in order to have a social life I must forget the feeling of drowning in my sleep. Of feeling I am gonna die. And every morning, whatever my body is telling me about how much my lungs, my heart, my sanity are damaged, I reconstruct a socially acceptable normal self: one that does not suffer and, like everybody else, doesn't remember he will die. And go back to work or pass exams.
But there is a side effect of suffering a huge amount of pain. You have a short amount of morning clarity the morning after...
One that tells you something important: today I AM ALIVE AND KICKING (and feeling like a fucking vulnerable weak shit (cough, ouch, cough)).
For some days (usually no more than 3) your priorities are re-based on one thing: you have one and only one life.
Only one that matters, and all the social limits put on your brain kind of falter.
It is like the smoke screen that basically is our socially based education gets partially torn, and you are having a wake-up call.
But why do conflicts always appear on these mornings after at my jobs, I always wonder? Why does my accepted obedience to society get in the way of my will to live as I wish?
Actually, what do I wish?
For one thing, knowing that I am gonna die, I used to drown myself in technical stuff that requires so much focus that it diverts me from thinking of it too much. But also, excelling at doing gives me a sense of internal peace and fulfilment. Totally crazy, batshit crazy thinking. But I discovered it worked.
I love to do stuff, because it helps me squash away my fears, and I am all the more relieved that it is done the more correctly I can do it. The pleasure of some well-done work. I am all the more attached to trying to do my code correctly because I know I am a temporary being on this earth.
And writing a good piece of intellectual work is hard. So hard, I don't like most of my code, but I stubbornly try to make it better, or at least as good as I know it can be done. And I make mistakes ... a lot of them. From which I learn.
Because of this, my getting-fired day often happens after this kind of existential wake-up: I love to do stuff correctly because that helps me feel alive. And I like facts.
On reddit and hackernews I often get downvoted for being savage as fuck. But, the true story is truth is always savage.
Authority and status do not like being questioned. And there is no way, in a political context, Truth can be told.
More than once, even though my skill in security expertise is low, I spotted obvious security holes. My expertise comes from the fact that these mistakes are often mistakes I made myself and recognize.
Let's begin the story telling
A level III engineer (I was a probationary level I) really hated that in a code review I spotted an SQL injection: he was using an ORM, it was therefore impossible there was an injection ... unless he was building the query as a string and then sending it raw for execution... an argument he always discarded as false (fallacious behaviour) and as a threat to his authority. I told him that we all make mistakes, but apparently, since he has always been coding this way, it could not be possible (else the solution would be flawed to the core).
So he left me to be dealt with by higher levels of management, who asked me to do a mission on a critical payment & authentication system, but without the documentation.
So, I had to reverse engineer the tool from 3 function calls and a proxy web server.
It was a JWT-based solution. And I spotted that the very expensive auth system was failing 40% of the time. I thought that I must be stupid or the emperor was naked. Long story short, feedback from production was telling me the emperor was naked. Everybody knew but nobody would tell it because they used the wrath of the managerial authority, with convocation to the higher managers, to shut you down and give you a blame. Security obfuscation by retaliation.
Technical detail: I found by frequency analysis that I was dealing with a base64 string, I decoded it, I found keywords, googled them and found an RFC. Then, I read it.
Basically the «secured» solution that was given as a token over the HTTP GET method was a base64 encoded string whereas the RFC mentioned it should be a urlsafe base64 encoding... It made sense. But the devs, instead of using an external dependency to have more control, rolled their own crypto.
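The failure mode described above, reproduced as an added example (not code from the original post or from the company's system): standard base64 can emit `+`, which form decoding turns into a space when the token sits unescaped in a query string, while the URL-safe alphabet cannot. It assumes the token travels as a raw `token` query parameter and uses a constructed 24-byte random payload; the function names are illustrative.

```python
import base64
import random
from urllib.parse import parse_qs


def survives_query_string(token: str) -> bool:
    """True if a token placed raw in a query string is read back unchanged."""
    # parse_qs applies form decoding, which replaces '+' with a space.
    received = parse_qs("token=" + token, keep_blank_values=True)["token"][0]
    return received == token


def expected_failure_rate(payload_bytes: int) -> float:
    """P(at least one '+') for uniformly random bytes, length a multiple of 3."""
    chars = payload_bytes * 4 // 3      # no '=' padding at multiples of 3
    return 1 - (63 / 64) ** chars       # each character is '+' with prob 1/64


def simulated_failure_rate(encode, payload_bytes: int, trials: int, seed: int) -> float:
    """Fraction of random tokens corrupted in transit for a given encoder."""
    rng = random.Random(seed)           # seeded so the run is reproducible
    failures = 0
    for _ in range(trials):
        raw = bytes(rng.getrandbits(8) for _ in range(payload_bytes))
        token = encode(raw).decode("ascii")
        if not survives_query_string(token):
            failures += 1
    return failures / trials


if __name__ == "__main__":
    size = 24  # constructed payload size; the post does not give the real one
    print("analytic :", round(expected_failure_rate(size), 4))
    print("standard :", simulated_failure_rate(base64.b64encode, size, 4000, 1))
    print("url-safe :", simulated_failure_rate(base64.urlsafe_b64encode, size, 4000, 1))
```

The rate grows with token length, so an intermittent failure like this one looks random to callers even though it is fully determined by the bytes being encoded.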
In a company that is so big, with so much turnover, and so proud of hiring so many ninja coders, thousands of experts have been hitting this bug for YEARS.
So, how do life and death concerns in the morning affect a stupid technical problem? When you have a wife and life matters more than a stupid problem of a dysfunctional hierarchy that has an ego problem, thinking of the relativity of coding compared to having a happy life should matter the most, no?
All my friends always told me to use my smart brain to do what everybody does: shut my mouth.
Me, after a bout of cough, my brain becomes stupid: I filed a security bug and a functional bug report describing, with a sample of code, how to reproduce the problem and the mathematical calculus to compute the frequency of failure; I used side channels to have figures to compare with the observed production rates of failure, which were matching the analysis of the reason why it happened and how to fix it.
48 hours later I was shamefully brought to my desk by a security agent in front of all the coworkers to put all my belongings in a box.
Years later, this bug is certainly still in production and affects millions of users and has huge costs for the company. But when I tell the name of the company, everyone tells me they should be proud of their products and I was dead wrong.
So, my conclusion on this episode is: security by pressure, aka the naked emperor syndrome, is real.
I will succinctly multiply the examples but let me tell you, it happened to me a lot. I more than once had a security engineer on vacation and needing secured access to work.
Once I used an exploit in a Linux perf counter to get root access ... that I reported when he came back. Needless to say I was not thanked for reporting that ALL the Linux servers had been vulnerable for 6 months. (Same perfect company some of my respected security expert friends give their credentials to.)
Another time, I had to play with a jar (as if I ever coded in Java) to read a library and guess that a «secured payment system» from Orange telecom was in fact based on the repetition of an XOR on a fixed string, with white space padding, with fixed data... Well, I «cracked» the password because otherwise the company would not have been able to process the payment. I had to fill my box one week later. The buy-in-one-click feature from ISPs is the one I oddly never use.
Another time I just told a CTO that you cannot make an exact top 100 ranking by merging 10 top rankings on 10 shards. (Distribution matters.) I was told math lies.
And that, well, there were also quite a few SQL injections somewhere else ... for which I was told the «ORM magically protects» mantra ....
My hazed brain does it every time I wake up having the feeling I nearly died from my coughing in the night. I forget about social context. I am just bluntly honest about my work. Because that is my life saver.
Every time, when I get back to work my brain switches off the social limiters and when something needs to be done or said because it seems the obvious stuff to do to go on and jump to a new thrilling adventure my brain tells me: Oh! everybody is like you! We all know we are weak, make mistakes and how can reporting a factual, simple technical problem that has a fix ready backfire?
Every time, I decide to take the bull by the horns and say, look we have a problem that can be fixed.
Truth is, the problem is often already fixed by layers of duct-tape programming that hold the solution afloat, and a lot of jobs rely on this duct taping. We sell dreams, not facts. We want stuff to look as if it is working, we don't actually need it to be correct (except if it is in a nuclear plant or for a pacemaker, or for an autopilot?)
But being alive is not being a coward that does what has to be done to protect your social position.
Being alive is liking who you are. And if you define yourself by your love in what you do, then if being true to your own self is trying to make things work, then it is what has to be tried. You have only one fucking life!
And believe me: there is no way human beings do not take it personally when they made a mistake and you spot it, it is just that when it is made by the upper management they will fire you. If it is an intern, he will just resent you behind your back, except if they are some of my precious padawans I am proud of having enlightened.
And now, I don't even remember that I had the feeling I died tonight. Focusing on these petty technical problems makes me forget all about this. The feeling of my own pain and agony is gone, and even though I put my social status at risk, I feel at peace with my own self doing the stuff in the way I think may be correct.
My brutal honesty gets me fired, it gets me blocked at human resources interviews, and right now I live on the social minimum in a dire economic situation. But, fuck, honesty and living as yourself 24 hours a day is wonderful.
People see me as savage as an angry honey badger. I prefer to say I will not bow. My pride as a human is as vast as the eternity of void that you can expect after your own death.
Life is too short to live life as a full-scale role playing game. Be yourself, and love who you are, and what you do, even if it hurts a tad. It will never hurt as much as wondering on your death bed why you messed up your only chance to live according to your own self.
And after smoking, my body fluids finally leave my lungs, giving me my much appreciated certainty that tonight the problem will be fixed... and I dare not tell anyone that my cough was worse when I stopped smoking. Because ... everybody knows, like Adolf H knew and all the other hygienists, that there is no way tobacco can help... Yes it does, as much as smoking weed, but I cannot: it is illegal.
Fuck my life on this, and please if nothing can heal me and legal medicine has given up on me, let me have access to the devil's lettuce that at least can ease my pain. Let me suffer less. Pain is not FUN!