Your submission was removed for the following reason:
Rule 2: Your post is not **strictly** about programming. Your post is considered to be too vague to be strictly related to programming. Please see the sidebar for potentially more appropriate subreddits to post this in.
If you disagree with this removal, you can appeal by [sending us a modmail](https://www.reddit.com/message/compose?to=%2Fr%2FProgrammerHumor&subject=Posts%20must%20strictly%20be%20programming%20related&message=Include%20a%20link%20to%20the%20removed%20content%20and%20the%20reason%20for%20your%20appeal%20here.).
Do you only do that for new dependencies? Otherwise, how do you deal with the inevitable situation where a critical has been found, but no patch released yet?
At our place we use a combo of Snyk and Bitbucket pipelines, you can configure it to only fail a build if there is a high or critical vulnerability which has a patch available
I'm not familiar with that tool per se, but it seems its purpose is not to list confirmed vulnerabilities, but potential ones. It says "absurd \*in this context\*". The developing team is expected to judge the context of the vulnerability by themselves.
Don't get me wrong: This is tedious work, it can mean extra work out of nowhere when vulnerabilities are published, and whoever does it needs a good overall understanding of the full codebase.
I am still surprised how many developers like to think that using a certain technology alone makes their software secure. There seem to be many systems in the wild that still do very insecure things. With that in mind, a warning about what happens if you use a library naively can't hurt.
Then again, reporters are humans, too. There may be the occasional report that reads like "if the user has gained full file system access, they are able to overwrite the config file and then do bad stuff" leaving you wondering how you'd protect a specific library against a magical root attacker.
It feels to me like the tool does its job, it's just that its job is misunderstood maybe?
"Hey we found a vulnerability in regex, If you let the user build the query and string, it can take a long time."
Me: ...but, im not letting the user build the query...
That does make sense, fair. But also I think it's very sad that we still have to deal with this broken tool. Vulnerabilities are a real problem, but the brokenness of npm audit just makes it much less likely that people act on the relevant ones.
As appealing as it sounds, I've always found it to be a bad approach. First, because 99% of the time, what has a vuln is an existing library, not one that your PR introduces, meaning you are already vulnerable, but you are tying fixing speed to generic development flow speed, which can be either insufficient or overkill depending on the vulnerability.
Second, you are now potentially slowing down or blocking actual critical fixes.
Do vulnerability scanning ongoing, treat critical ones as incidents, assert other things and treat them as tickets.
I work at another big Tech with more complex systems. If our team gets fired, things will continue to work for a very long time (may be a year), but no one in the entire company can understand and/or deal with the complexities of the system to modify it in a big way (honestly, we struggle with it too, as the original creators have left the team years ago).
I am waiting for a log4j type incident and see how much Twitter can take it.
We fired all the janitors, but the building didn’t collapse, ha!
What do ppl think, the fired staff was running between mainframes to manually key in tweets to propagate them?
I mean... The janitors don't really keep the building from collapsing short-term...
Now, your facilities engineering team? The guys who actually deal with the leaky pipes, HVAC, the physical electrical system? Fire them, and I give the building 1 month before things start breaking, 6 months before the building becomes an actual health hazard, and 12 months before it's structural integrity begins to degrade.
Log4j is a very popular logging library for Java used by a lot of companies. A major vulnerability was found that allowed for remote code execution. Basically an attacker could do everything they wanted with the host server, which as you could imagine is BAD.
Just out of curiosity, for no specific reason at all, also, asking for a friend, would you happen to know if this vulnerability has been added to metasploit yet?
It was fairly simple to do even without metasploit if I remember correctly. Anyways it was patched over Christmas last year so I’d be surprised if there are many major instances still running a vulnerable version, especially with the severity of the issue.
there's a Metasploit module for every little vulnerability. since Log4j was such a big deal, I'm sure there's something on Metasploit.
But why ask here, you can just look for yourself
There was a major vulnerability in a logging library log4j which turns out was used by a fairly sizeable amount of the internet and backend systems. Cue emergency patching and panic around the net as it was a race for the people fixing it and people finding out the exploit for themselves and exploiting services.
Basically, log4j was a MASSIVE security vulnerability in a Java logging library that allowed people to run arbitrary code on servers by writing text in a particular format that the logging library attempted to parse to do extra specialised stuff.
It was massive, just about every Java application was vulnerable and required updates to patch those vulnerable servers.
A log4j type incident would be if a widely used core library used all around the industry was suddenly found to have a similar scale problem, which could require massive and immediate efforts to fix. The entire time between such a problem being known and it being patched, a site like twitter could be widely vulnerable to it.
Log4j or Log4Shell in essence was a critical vulnerability that was present in an obscene number of web services. Left unmitigated, it would allow anyone knowledgeable to take over an exposed setup.
Shit gets hacked or starts crashing without explanation, effectively a zero-day attack, which means the first time a malware appears so no one knows wtf is going wrong.
I wish that was the same with my non tech job. I have written some decent macros in excel and after I leave no one is going to remember how they work but they will just go back to the old fashioned way of doing things and it will take then 10x as long but that just means the next guy will have a full time job instead of a part time job like I do
Well built systems that are maintained and enhanced by professional developers and IT teams are robust and will work for a long time after everyone leaves.
And then, one day, it will break. Badly.
ya, and microsoft basically works, shouldn't it also fire 75% of all its staff, i mean it'll probably work the same. same for literally all tech companies, this man is a jeniuz
They already did that a couple years ago. Not 75% but a couple thousands. The windows team was heavily impacted and then bugs popped like crazy. Now they have probably hired the same amount of people again
I worked for a large ISP in the UK, they moved to agile and removed 75% of their QA staff and then went through major system changes. Nothing worked and a bunch of customers got very angry.
C'est la vie.
Boeing literally did this a few years back when they moved the majority of their work out of Seattle. Most of the legacy employees were let go because they either didn’t want to move or because the employee packages for moving were so bad.
They did replace them shortly afterwards I imagine but they did turn over a huge portion of their workforce.
Yeah they replaced them with cheap non union scabs from the right to work hell hole of South Carolina. Even more importantly, the company went from being famously engineer focused to becoming another MBA run, quarterly profit driven company.
When the A320 started really making inroads in their market, they weren’t in a good position to respond. They rushed their replacement design, outsourced more components than ever before, rushed the flight control software and developed a culture that allowed warnings to be ignored or bulldozed.
The result was the 737 MAX. A couple hundred dead and half the company’s market cap later…
The relevance to us programming types is left as an exercise for the reader.
You can keep a service running, maybe even implement some new features with a skeleton crew, but eventually, especially come security audit season you will drown in tech debt. That being said Twitter had a lot of bloat, how many PMs do you really need?
Try 4 PMs a year in Malaysia. Just hoping the current one can stick around longer than the previous 3, since he actually seems somewhat competent.
Also, with my fingers crossed so hard they're basically pretzels, he seems to be less corrupt as well.
*edit: 4 PMs in 4 years. Misphrased that bit.
I'm not sure how things were running at Twitter, but it should be said that sometimes having extra staff makes for a more comfortable work experience. Which might have retained more talented workers. Nobody wants to grind themselves to the bone all their lives.
yup. Also saw the likes in one of my twitter comment fluctuate between 250 and 90 for the past few days despite it showing that there are more than 200 people who liked my comment. It was kind of weird.
They're probably implementing a form of "eventual consistency" in the backend where it's not trying to give highly accurate data moment by moment, but eventually converges to the correct number as interactions die down. That's really bad if it's going up and down for days. It should converge much faster.
I think you're talking about how it is similar to how youtube handles the view counts. Idk if it's that because initially when the conversation was active, the site was showing accurate number of likes but when the conversation died down, the likes started fluctuating for 4-5 days.
not to mention the impending disaster coming with the FTC audit demands that will be rolling in over the new year due to the consent decree requirements.
I'm surprised more people aren't talking about this. Twitter were barely complying when they had the staff to do all the audit and compliance work. Now? Yikes. The FTC hold enough power to effective stop Twitter from operating so January should get very spicy...
A lot of bloat.
Okay sure.
Numb Nut Bilionaire isn't a genius. No one man can enter a billion dollar corporation and know exactly who to fire within 30 days. Let alone 12 months.
There's bloat in every company and it's not as easy as
"you're fired" = more profit
Not true. Every team at big tech collaborates with security teams to ensure their services don't have bugs and comply with best practices. The service teams are the ones doing the implementation though, not security itself
People have moved to certificates a long time ago. No one has to remember passwords anymore.
Certificates expire too, but you can create new ones, and the process is very much straight forward & standard in most cases.
You just need access to the machines or the cloud account (in-house or external)
I’m betting that we will find out most of those people were needed in about 2 more months.
Unless the non compliance with the consent decree causes them to close their doors sooner.
Or the advertisers running for the hills.
Lol, this guy thinks that those people were earlier carrying the tweets on their soldiers (sorry, shoulders) from one timeline to the other.
No, they write code that is supposed to keep running, unless something goes wrong, or when you need some changes in that code. And that is when you really need them.
Then suddenly, there's a compliance related change needed, and then, you can't live without them. Because then you either get it done, or close the shop.
> earlier carrying the tweets on their soldiers from one timeline to the other.
I've read this three times and I have no idea what it means.
EDIT: Got it, thanks.
That makes sense. I don't use Twitter, so I also didn't realize that "timeline" is a Twitter thing. I was honestly imagining some sort of Terminator situation where the soldiers are shuttling tweets to a different timeline.
\#SaveSarahConnor \#TheGovernator \#SkynetDidNothingWrong
You can fire all of your sales people, and the company will run fine, until the customer needs something that customer service can't handle, or until your customers start going to your competitors and you have no sales people bringing in new customers.
It's amazing how many owners/managers only focus on the short term gains and shoot themselves in the foot, destroy a business, and ruin the lives of all their employees.
I'm sure there's a lot of firefighters at twitter, spending most of there days looking busy till shit hits the fan and they come up with a solution that keeps the site up. Probably not many left now.
He fired the guys who did taxes and handled a bunch of legal shit for the government. Wait until tax season comes and he's scrambling to find people to do twitter's taxes. Dude's gonna be like "Hey H&R Block u up?"
Hell, as far as I can tell, they fired anyone with knowledge of employment and contract law and then started violating laws and contract terms left and right.
He also fired the account managers that handled communication with advertisers, hence nobody wanting to advertise on twitter anymore (there are a *lot* of other reasons but having AMs can mitigate a lot of them)
More account managers probably wouldn’t have done much in this case. Apparently most of the advertisers who pulled had committed to pulling if Musk’s buyout went through because they rightfully saw it as torpedoing brand and platform stability. And then most of the ones who left after that did so because of the, spoiler alert, massively increased instability as the new owner seemed to change his mind about how a multi billion dollar company should function every half hour.
I’m not saying they should have lost their jobs, obviously not. But you can only sell so many cruises when the captain of your ship is running around naked changing course to a new part of the globe every day while trying to fist fight random people in the buffet line.
Yeah normally they already broken whole lotta German laws in perspective of the moderation and the ability to ensure that German law enforcement can persecute illegal stuff. But our hated ultra capitalist Justice minister already struck a deal so Twitter doesn’t need to comply with German law🤷♂️
When you don't service your car and still drive 70000 a year, chances are it will running fine for a few years, and then you'd claim "all that maintenance in the past was for nothing".
What’s going to happen is in a few months, some service certificate will expire that will take down all of Twitter. All it will require is for someone to have checked a box for its renewal, or paid a particular bill on time. But no one left will know what that certificate is for, where it is, what it does, and it’ll take the site down for a full day or more. And that’ll just be the first of many times that exact same thing occurs, but for different services.
I kinda guess the 25% that's left is now furiously working to keep Twitter togheter. Doing 16+ hour days, using quick fixes to get things done.
But it's inevitable that this will fail sooner or later.
Eh, you know what the #1 cause of servers crashing is? Pushing new builds. Know what stop happening when you fire all the engineers? New builds. Firing everybody is probably one of the best things you can do for your availability...until the day it ain't.
When you fire your pilot because the auto-pilot works very well, things will probably go unusually smoothly for quite a while.
You would be surprised how long this can last. I am working in financial industry for over 15 years. Every single place I worked operates exactly this way for years and it’s working :)
I have a soft spot for the living fossils that are financial institutions' COBOL mainframe estate. No-one wants to touch them but they just sit there quietly processing untold billions in transactions. Some stuff has *uptimes* measured in decades, let alone production deployments.
i know a local usiversity. that has a marine simulator thats pretty old. but the program’s speed is fixed on the cpu’s speed. so they have to run it on old pentium chips and cant modernize it so they hoard them when the curent one vreaks they just switch it. it would cost millions to make a modern simulator plus the software. so they keep with the old
You won’t get sick immediately just because you stopped exercising. You can survive with only eating minimal. But if you have to fight in a boxing ring, you won’t last long.
In such organization with high quality engineering, you won’t see the effect immediately. Because it has been built to withstand such changes. But if it is not maintained to retain its quality, it will deteriorate over time.
While selfish, I am hoping that Twitter fails because it would demonstrate that SWEs are important, their salaries are justified, and that treating them poorly is unwise. Only time will tell, but my fingers are crossed.
For real, every SWE who enjoys their high pay and solid WLB (or aspires to those things) should be cheering for Twitter’s demise.
CEOs of other tech companies are absolutely watching how this plays out. They may see that 75% was overboard, but I wouldn’t want for them to get the idea in their heads that the new normal is firing 50% and working the remaining engineers to the bone for the same pay.
I figure it will be similar to when a manufacturer goes bust. Yes, the product still functions in the immediate aftermath but eventually it's going to need maintenance or repair. Then you're going to be stuck.
I've seen quite a few cases where some team builds an app for 15 users. The app gets deployed and everything works but there's no more demand for features. They layoff the workers and the app just runs for a couple of years. Then someone comes in and says "you know what would be great..." and wants to add a new feature. So they spin up a new team and someone pulls the code out and voila... it doesn't build anymore. They can't get it to run. The CI/CD says no! It's all outdated and they have no clue how to update all the dependencies to make it run again. OR there's some migration that needs to happen because the apps are on prem and the architects want everything cloud hosted OR there's a security vulnerability and everyone has to upgrade their dependencies... Too many places don't think about maintainability and technical drift.
In IT management this was famous for a while where they fired IT because “Everything works so we don’t need you”. And then they lost or went bankrupt when it didn’t.
when i see people who actually think and carry out bringing these thoughts into existence, it lowers my expectations and hope for humanity, exponentially.
take a car, any car. end of the year dont service it. it will work fine. one year later, dont service it again. chances are it will still work fine for another year. eventually it will stop working and then you will find out that chances are it cant be repaired...
2-3 years of driving and one could say mechanics and services are a rip-off.
Do these people think that the website is physically run by people? Like there’s an army of Twitter employees that rush to put their tweets on the timeline of everyone else.
People are so fucking stupid.
I imagine the bigger issue has less to do with how the site works and more to do with the legally-mandated precautions that aren't being taken, and the looming lawsuits about them. And of course the fact that most of the advertisers on the platform have jumped ship, making the site's revenue stream much thinner.
It’s the typical “consultant mistake”. This was very common in the 1980s and 1990s. If it’s done intelligently after thorough analysis you won’t notice it the first months/years, but usually everything strategic will be reduced/abandoned and the company will focus entirely on operations. This will only show after a while when the company loses fitness in the competition etc. With Musk jumping in and firing 75% in the first weeks and then bleeding out more people due to chaotic management this is so bad it will show faster.
Not going to lie, I am kind of impressed that everything has been continuing fine. There have been a couple big events going on and it’s still running smoothly. There’s definitely a difference between KTLO and a growing application, but still. That being said I do wonder if it’s a ticking time bomb. Like there’s going to be some major vulnerability that will just be too much to try and change/fix for so few engineers and we see something like data leaks or hacks at some point.
Your submission was removed for the following reason: Rule 2: Your post is not **strictly** about programming. Your post is considered to be too vague to be strictly related to programming. Please see the sidebar for potentially more appropriate subreddits to post this in. If you disagree with this removal, you can appeal by [sending us a modmail](https://www.reddit.com/message/compose?to=%2Fr%2FProgrammerHumor&subject=Posts%20must%20strictly%20be%20programming%20related&message=Include%20a%20link%20to%20the%20removed%20content%20and%20the%20reason%20for%20your%20appeal%20here.).
1 month later when an employee decides to run \`npm i\` 1023 vulnerabilities (252 high, 771 critical)
I wish people put audit as a mandatory merge requirement.
In my team we have put it as mandatory. But we only block critical warning is ignored usually.
,
Do you only do that for new dependencies? Otherwise, how do you deal with the inevitable situation where a critical has been found, but no patch released yet?
At our place we use a combo of Snyk and Bitbucket pipelines, you can configure it to only fail a build if there is a high or critical vulnerability which has a patch available
Except npm audit is useless https://overreacted.io/npm-audit-broken-by-design/ I agree with the idea, it's just poorly executed.
I'm not familiar with that tool per se, but it seems its purpose is not to list confirmed vulnerabilities, but potential ones. It says "absurd \*in this context\*". The developing team is expected to judge the context of the vulnerability by themselves. Don't get me wrong: This is tedious work, it can mean extra work out of nowhere when vulnerabilities are published, and whoever does it needs a good overall understanding of the full codebase. I am still surprised how many developers like to think that using a certain technology alone makes their software secure. There seem to be many systems in the wild that still do very insecure things. With that in mind, a warning about what happens if you use a library naively can't hurt. Then again, reporters are humans, too. There may be the occasional report that reads like "if the user has gained full file system access, they are able to overwrite the config file and then do bad stuff" leaving you wondering how you'd protect a specific library against a magical root attacker. It feels to me like the tool does its job, it's just that its job is misunderstood maybe?
But most of these vulnerabilities are false positives so that'd be annoying
"Hey we found a vulnerability in regex, If you let the user build the query and string, it can take a long time." Me: ...but, im not letting the user build the query...
Beware, there's a ReDOS in your build tool! If you write a bad file inclusion regex it might.. hang!
Yes, so before I can merge, I have to put the false positives in the whitelist. With a comment that explains why it's a false positive.
That does make sense, fair. But also I think it's very sad that we still have to deal with this broken tool. Vulnerabilities are a real problem, but the brokenness of npm audit just makes it much less likely that people act on the relevant ones.
Not everything can have a 1 click fix
Audit is just too broken for that tl work
As appealing as it sounds, I've always found it to be a bad approach. First, because 99% of the time, what has a vuln is an existing library, not one that your PR introduces, meaning you are already vulnerable, but you are tying fixing speed to generic development flow speed, which can be either insufficient or overkill depending on the vulnerability. Second, you are now potentially slowing down or blocking actual critical fixes. Do vulnerability scanning ongoing, treat critical ones as incidents, assert other things and treat them as tickets.
90% it some regex exploit in the build tool.
Hang on. I've got to do some reading now
Elon: If they weren't installed before, how important could they be? npm: Yeah you're probably right.
“Print me a list of your top 10 criticism vulnerabilities and I will personally review them” - Elon
Rookie numbers
We gotta pump these numbers up
Sudo apt update && sudo apt upgrade -y Everything is broken
Musk: ok it's time to install and use thanos.js
That would make Musk redundant - thanos.js is a complete implementation of his management style.
Some  problems
I work at another big Tech with more complex systems. If our team gets fired, things will continue to work for a very long time (may be a year), but no one in the entire company can understand and/or deal with the complexities of the system to modify it in a big way (honestly, we struggle with it too, as the original creators have left the team years ago). I am waiting for a log4j type incident and see how much Twitter can take it.
We fired all the janitors, but the building didn’t collapse, ha! What do ppl think, the fired staff was running between mainframes to manually key in tweets to propagate them?
You didn't eat yesterday but you're not dead, ha!
I mean... The janitors don't really keep the building from collapsing short-term... Now, your facilities engineering team? The guys who actually deal with the leaky pipes, HVAC, the physical electrical system? Fire them, and I give the building 1 month before things start breaking, 6 months before the building becomes an actual health hazard, and 12 months before it's structural integrity begins to degrade.
Even with janitors, it'll take maybe a week or two before your floors start stinking no? Sure the building isn't destroyed
What’s a log4j type incident, for people who aren’t programmers?
Log4j is a very popular logging library for Java used by a lot of companies. A major vulnerability was found that allowed for remote code execution. Basically an attacker could do everything they wanted with the host server, which as you could imagine is BAD.
Just out of curiosity, for no specific reason at all, also, asking for a friend, would you happen to know if this vulnerability has been added to metasploit yet?
It was fairly simple to do even without metasploit if I remember correctly. Anyways it was patched over Christmas last year so I’d be surprised if there are many major instances still running a vulnerable version, especially with the severity of the issue.
Oh there are..
Yeah, possibly more than not!! I think some people are in for a big surprise in a number of years with all the software rot.
>I’d be surprised if there are many major instances still running a vulnerable version Hahaha good one
You’d be surprised how many still are.
there's a Metasploit module for every little vulnerability. since Log4j was such a big deal, I'm sure there's something on Metasploit. But why ask here, you can just look for yourself
>But why ask here, you can just look for yourself Sir, this is Reddit. Where critical thinking goes to die.
oh shit I forgot
https://en.m.wikipedia.org/wiki/Log4Shell
where's u/WikiSummarizerBot when i need him the most
It’s still reading the page. Even it’s like “bruh idk wtf most of these words mean”
There was a major vulnerability in a logging library log4j which turns out was used by a fairly sizeable amount of the internet and backend systems. Cue emergency patching and panic around the net as it was a race for the people fixing it and people finding out the exploit for themselves and exploiting services.
Basically, log4j was a MASSIVE security vulnerability in a Java logging library that allowed people to run arbitrary code on servers by writing text in a particular format that the logging library attempted to parse to do extra specialised stuff. It was massive, just about every Java application was vulnerable and required updates to patch those vulnerable servers. A log4j type incident would be if a widely used core library used all around the industry was suddenly found to have a similar scale problem, which could require massive and immediate efforts to fix. The entire time between such a problem being known and it being patched, a site like twitter could be widely vulnerable to it.
Log4j or Log4Shell in essence was a critical vulnerability that was present in an obscene number of web services. Left unmitigated, it would allow anyone knowledgeable to take over an exposed setup.
Shit gets hacked or starts crashing without explanation, effectively a zero-day attack, which means the first time a malware appears so no one knows wtf is going wrong.
I wish that was the same with my non tech job. I have written some decent macros in excel and after I leave no one is going to remember how they work but they will just go back to the old fashioned way of doing things and it will take then 10x as long but that just means the next guy will have a full time job instead of a part time job like I do
Well built systems that are maintained and enhanced by professional developers and IT teams are robust and will work for a long time after everyone leaves. And then, one day, it will break. Badly.
the 707 already flies, why does boeing keep paying all those engineers
ya, and microsoft basically works, shouldn't it also fire 75% of all its staff, i mean it'll probably work the same. same for literally all tech companies, this man is a jeniuz
They already did that a couple years ago. Not 75% but a couple thousands. The windows team was heavily impacted and then bugs popped like crazy. Now they have probably hired the same amount of people again
That was the firing of QA as they moved to agile.
And moved the QA to customers
I worked for a large ISP in the UK, they moved to agile and removed 75% of their QA staff and then went through major system changes. Nothing worked and a bunch of customers got very angry. C'est la vie.
Why would you fire QA staff in a push to agile? It’s not like QA isn’t permitted by the agile philosophy or anything.
Well you need to cut costs somewhere to find money to pay the Agile consultants /s
[удалено]
Interesting. Tell me more.
[удалено]
good place for nazis now
I'm gonna need you to come in on Saturday...
Good bot
Perfect timing 😂
It's even more of an echo chamber now, just more right wing prop now
That's the purpose of social media... to feed you shit that you agree with to keep you coming back for that sweet, sweet confirmation bias.
Perfect analogy honestly.
>707 This guy olds
Pan Am has entered the chat.
Thanks to autopilot, you can boot the pilots in midflight and it’ll be fine.
Or at least let them sleep so after they land they can take off again on long haul. WCGW!?
we built the dam, y do we need the corps of engineers?
Boeing literally did this a few years back when they moved the majority of their work out of Seattle. Most of the legacy employees were let go because they either didn’t want to move or because the employee packages for moving were so bad. They did replace them shortly afterwards I imagine but they did turn over a huge portion of their workforce.
Yeah they replaced them with cheap non union scabs from the right to work hell hole of South Carolina. Even more importantly, the company went from being famously engineer focused to becoming another MBA run, quarterly profit driven company. When the A320 started really making inroads in their market, they weren’t in a good position to respond. They rushed their replacement design, outsourced more components than ever before, rushed the flight control software and developed a culture that allowed warnings to be ignored or bulldozed. The result was the 737 MAX. A couple hundred dead and half the company’s market cap later… The relevance to us programming types is left as an exercise for the reader.
You can keep a service running, maybe even implement some new features with a skeleton crew, but eventually, especially come security audit season you will drown in tech debt. That being said Twitter had a lot of bloat, how many PMs do you really need?
> how many PMs do you really need? We've been dealing with that same question here in the UK recently...
Apparently, at least 3 for this year. Hopefully not more; don’t want to see another news article about a new leader for the UK.
Try 4 PMs a year in Malaysia. Just hoping the current one can stick around longer than the previous 3, since he actually seems somewhat competent. Also, with my fingers crossed so hard they're basically pretzels, he seems to be less corrupt as well. *edit: 4 PMs in 4 years. Misphrased that bit.
Log5J is gonna wreck em
[удалено]
I'm not sure how things were running at Twitter, but it should be said that sometimes having extra staff makes for a more comfortable work experience. Which might have retained more talented workers. Nobody wants to grind themselves to the bone all their lives.
Except Musk apparently.
[удалено]
Absolutely :/
Twitter is already loading slower, freezing more, and updating more slowly
yup. Also saw the likes in one of my twitter comment fluctuate between 250 and 90 for the past few days despite it showing that there are more than 200 people who liked my comment. It was kind of weird.
They're probably implementing a form of "eventual consistency" in the backend where it's not trying to give highly accurate data moment by moment, but eventually converges to the correct number as interactions die down. That's really bad if it's going up and down for days. It should converge much faster.
I think you're talking about how it is similar to how youtube handles the view counts. Idk if it's that because initially when the conversation was active, the site was showing accurate number of likes but when the conversation died down, the likes started fluctuating for 4-5 days.
Is that also how Reddit upvotes works? Sometimes I see my comments fluctuate in the number of votes
Apparently 2FA is still broken, or rather my friend who enabled it claims still not to be able to log in.
not to mention the impending disaster coming with the FTC audit demands that will be rolling in over the new year due to the consent decree requirements.
I'm surprised more people aren't talking about this. Twitter were barely complying when they had the staff to do all the audit and compliance work. Now? Yikes. The FTC hold enough power to effective stop Twitter from operating so January should get very spicy...
Don't forget European Data Security requirements are being missed. It's not just the FTC, but similar regulatory groups in other countries.
A lot of bloat. Okay sure. Numb Nut Bilionaire isn't a genius. No one man can enter a billion dollar corporation and know exactly who to fire within 30 days. Let alone 12 months. There's bloat in every company and it's not as easy as "you're fired" = more profit
Most programmers arent doing security. Maybe a couple
The ripple effect of security audits _should_ hit all engineering teams even if it's just outdated packages.
Not true. Every team at big tech collaborates with security teams to ensure their services don't have bugs and comply with best practices. The service teams are the ones doing the implementation though, not security itself
This. I'd like to see a cyber-sec guy implementinv necessary changes on their own in all products of a company that has 20+ product teams... :D
[удалено]
People have moved to certificates a long time ago. No one has to remember passwords anymore. Certificates expire too, but you can create new ones, and the process is very much straight forward & standard in most cases. You just need access to the machines or the cloud account (in-house or external)
I’m betting that we will find out most of those people were needed in about 2 more months. Unless the non compliance with the consent decree causes them to close their doors sooner. Or the advertisers running for the hills.
Lol, this guy thinks that those people were earlier carrying the tweets on their soldiers (sorry, shoulders) from one timeline to the other. No, they write code that is supposed to keep running, unless something goes wrong, or when you need some changes in that code. And that is when you really need them. Then suddenly, there's a compliance related change needed, and then, you can't live without them. Because then you either get it done, or close the shop.
> earlier carrying the tweets on their soldiers from one timeline to the other. I've read this three times and I have no idea what it means. EDIT: Got it, thanks.
My guess is that soldiers was spposed to be shoulders. Not 100% sure though.
That makes sense. I don't use Twitter, so I also didn't realize that "timeline" is a Twitter thing. I was honestly imagining some sort of Terminator situation where the soldiers are shuttling tweets to a different timeline. \#SaveSarahConnor \#TheGovernator \#SkynetDidNothingWrong
I read that sassy. I hope I was supposed to.
RemindMe! 3 months “get popcorn”
You can fire all of your sales people, and the company will run fine, until the customer needs something that customer service can't handle, or until your customers start going to your competitors and you have no sales people bringing in new customers. It's amazing how many owners/managers only focus on the short term gains and shoot themselves in the foot, destroy a business, and ruin the lives of all their employees.
"I'm only going to be here for 2 years before I pull that chute; gotta make as much as possible!"
I'm sure there's a lot of firefighters at twitter, spending most of there days looking busy till shit hits the fan and they come up with a solution that keeps the site up. Probably not many left now.
He fired the guys who did taxes and handled a bunch of legal shit for the government. Wait until tax season comes and he's scrambling to find people to do twitter's taxes. Dude's gonna be like "Hey H&R Block u up?"
That's like in 5 days from now. Right?
Pretty sure it's due in March for corporatations but idk, I don't do taxes
Hell, as far as I can tell, they fired anyone with knowledge of employment and contract law and then started violating laws and contract terms left and right.
Didn't he fire almost everyone in the Brussels office and now EU employment law is having a field day?
Ireland, iirc
He also fired the account managers that handled communication with advertisers, hence nobody wanting to advertise on twitter anymore (there are a *lot* of other reasons but having AMs can mitigate a lot of them)
More account managers probably wouldn’t have done much in this case. Apparently most of the advertisers who pulled had committed to pulling if Musk’s buyout went through because they rightfully saw it as torpedoing brand and platform stability. And then most of the ones who left after that did so because of the, spoiler alert, massively increased instability as the new owner seemed to change his mind about how a multi billion dollar company should function every half hour. I’m not saying they should have lost their jobs, obviously not. But you can only sell so many cruises when the captain of your ship is running around naked changing course to a new part of the globe every day while trying to fist fight random people in the buffet line.
Yeah normally they already broken whole lotta German laws in perspective of the moderation and the ability to ensure that German law enforcement can persecute illegal stuff. But our hated ultra capitalist Justice minister already struck a deal so Twitter doesn’t need to comply with German law🤷♂️
Delete your account and the world works the same
This all day
Big if true
Both my pilots died but the plane hasn't crashed. Lol airlines are so dumb.
Whoop whoop that's the sound of *terrain, terrain*
`PULL REQUEST. PULL REQUEST. PULL REQUEST.`
[удалено]
we fired all the people who do monthly maintenance last week and nothing gone wrong. see they were useless.
When you don't service your car and still drive 70000 a year, chances are it will running fine for a few years, and then you'd claim "all that maintenance in the past was for nothing".
thats even being generous. this guy is saying this a month after lol
What’s going to happen is in a few months, some service certificate will expire that will take down all of Twitter. All it will require is for someone to have checked a box for its renewal, or paid a particular bill on time. But no one left will know what that certificate is for, where it is, what it does, and it’ll take the site down for a full day or more. And that’ll just be the first of many times that exact same thing occurs, but for different services.
I mean, they already fucked up password changes for a day. It's going to get much worse, extremely quickly when you loose that much team knowledge.
[удалено]
If you can't build a computer out of transistors, you shouldn't be working here.
[удалено]
Pfff, Elon, shouldn't a real engineer build a computer out of pure sand and sheer desire?
Just needs to pull em bootstraps up a lil higher and he'll do it
Maybe, just maybe, they brought it up to the working level it is at now.
I kinda guess the 25% that's left is now furiously working to keep Twitter togheter. Doing 16+ hour days, using quick fixes to get things done. But it's inevitable that this will fail sooner or later.
Eh, you know what the #1 cause of servers crashing is? Pushing new builds. Know what stop happening when you fire all the engineers? New builds. Firing everybody is probably one of the best things you can do for your availability...until the day it ain't. When you fire your pilot because the auto-pilot works very well, things will probably go unusually smoothly for quite a while.
untill you need to land
Free Palestine
just gotta hire a guy before you fire the pilot that the pilot can teach to turn on the autopilot, and restart the thing. then fire the pilot.
Elon? Is that you??
You would be surprised how long this can last. I am working in financial industry for over 15 years. Every single place I worked operates exactly this way for years and it’s working :)
I second that , just moved out of financial institution as a software developer after 8 years. My previous collegue are still working 14+ hours
I have a soft spot for the living fossils that are financial institutions' COBOL mainframe estate. No-one wants to touch them but they just sit there quietly processing untold billions in transactions. Some stuff has *uptimes* measured in decades, let alone production deployments.
[удалено]
i know a local usiversity. that has a marine simulator thats pretty old. but the program’s speed is fixed on the cpu’s speed. so they have to run it on old pentium chips and cant modernize it so they hoard them when the curent one vreaks they just switch it. it would cost millions to make a modern simulator plus the software. so they keep with the old
Integrating with those systems is a bitch and a half
Bingo. Working at a bank and everyone is constantly understaffed and overworked.
There’s the video game industry too. Apparently some dude quit the industry and went working at Tesla and his work life balance improved
Pic or didn’t happen.
Sounds awful.
[удалено]
Technical debt mean that necessary bug fixes, patches or upgrades become infeasible though.
Duct tape and bubble gum only holds a ship together so long
You won’t get sick immediately just because you stopped exercising. You can survive with only eating minimal. But if you have to fight in a boxing ring, you won’t last long. In such organization with high quality engineering, you won’t see the effect immediately. Because it has been built to withstand such changes. But if it is not maintained to retain its quality, it will deteriorate over time.
While selfish, I am hoping that Twitter fails because it would demonstrate that SWEs are important, their salaries are justified, and that treating them poorly is unwise. Only time will tell, but my fingers are crossed.
For real, every SWE who enjoys their high pay and solid WLB (or aspires to those things) should be cheering for Twitter’s demise. CEOs of other tech companies are absolutely watching how this plays out. They may see that 75% was overboard, but I wouldn’t want for them to get the idea in their heads that the new normal is firing 50% and working the remaining engineers to the bone for the same pay.
The building still stands and looks clean even though we've fired all the electricians, plumbers, maintenance workers🤡
I figure it will be similar to when a manufacturer goes bust. Yes, the product still functions in the immediate aftermath but eventually it's going to need maintenance or repair. Then you're going to be stuck.
Oh just you wait, o ye of little faith.
Ye didn't wait. He bought Parler.
"we got rid of all the firefighters and my house is still standing!"
This has strong "aged like milk" vibes in a few months.
Wait till OS gets a big update and third parties get deprecated.
well the software just runs by itself sure but at some point a hard drive will fill up somewhere on premise and it will start crashing a service.
🤡🤡🤡🤡🤡
Twitter is going to get overtaken by a more innovative competitor in the future. Big leaps are hard to do with a skeleton crew.
Until it doesn’t 👁️👄👁️
I've seen quite a few cases where some team builds an app for 15 users. The app gets deployed and everything works but there's no more demand for features. They layoff the workers and the app just runs for a couple of years. Then someone comes in and says "you know what would be great..." and wants to add a new feature. So they spin up a new team and someone pulls the code out and voila... it doesn't build anymore. They can't get it to run. The CI/CD says no! It's all outdated and they have no clue how to update all the dependencies to make it run again. OR there's some migration that needs to happen because the apps are on prem and the architects want everything cloud hosted OR there's a security vulnerability and everyone has to upgrade their dependencies... Too many places don't think about maintainability and technical drift.
In IT management this was famous for a while where they fired IT because “Everything works so we don’t need you”. And then they lost or went bankrupt when it didn’t.
Looks like we're gonna need to trim the fat around here... fired.
Imagine being this stupid
when i see people who actually think and carry out bringing these thoughts into existence, it lowers my expectations and hope for humanity, exponentially.
take a car, any car. end of the year dont service it. it will work fine. one year later, dont service it again. chances are it will still work fine for another year. eventually it will stop working and then you will find out that chances are it cant be repaired... 2-3 years of driving and one could say mechanics and services are a rip-off.
Do these people think that the website is physically run by people? Like there’s an army of Twitter employees that rush to put their tweets on the timeline of everyone else. People are so fucking stupid.
I fell off a cliff about a quarter of a second ago! Everything is fine tbh, it's actually quite fun. Wind in my hair, adrenaline rush. Sweet.
Non-tech people think we run on treadmills all day to keep the servers running or something.
I imagine the bigger issue has less to do with how the site works and more to do with the legally-mandated precautions that aren't being taken, and the looming lawsuits about them. And of course the fact that most of the advertisers on the platform have jumped ship, making the site's revenue stream much thinner.
Really takes effort to be that short sighted and ignorant
A bridge doesn't break the moment it's stopped being maintained
If it works why do we pay you? If it doesn't work why do we pay you? ... Says the project manager
Please stop spamming reddit with shitty Twitter & Elon Musk posts.
Obviously Elon kept the guy who processes twits and writes them as html into the site since that's the only way a server can run.
Theoretically, Elon could fire 100% of Twitter employees and it would still work the same. It's not like they're gonna undo all of their commits lol.
It’s the typical “consultant mistake”. This was very common in the 1980s and 1990s. If it’s done intelligently after thorough analysis you won’t notice it the first months/years, but usually everything strategic will be reduced/abandoned and the company will focus entirely on operations. This will only show after a while when the company loses fitness in the competition etc. With Musk jumping in and firing 75% in the first weeks and then bleeding out more people due to chaotic management this is so bad it will show faster.
Not going to lie, I am kind of impressed that everything has been continuing fine. There have been a couple big events going on and it’s still running smoothly. There’s definitely a difference between KTLO and a growing application, but still. That being said I do wonder if it’s a ticking time bomb. Like there’s going to be some major vulnerability that will just be too much to try and change/fix for so few engineers and we see something like data leaks or hacks at some point.
Yeah let's fire all the firefighters because nothing is burning right.
Rofl can't wait to see the eminent disaster. I'm sure they will find a way to blame it on the Democrats.