
You know that some developers intentionally add "time bomb" bugs and introduce bugs that trigger after a certain period of time - just so that they knock it off with the hammer in one minute and justify their "maintenance support" contract.

There was a story about one European company and an Excel spreadsheet with VBA code that would stop working after 3 months and a developer who would "unlock" it for another 3 mo if he has a maintenance contract.




Well, don't get caught then I guess.

https://arstechnica.com/tech-policy/2019/12/contractor-admit...

> On Monday, David A. Tinley, a 62-year-old from Harrison City, Pennsylvania, was sentenced to six months in prison and a fine of $7,500 in the scheme.


It just needs to look like a bug, not a feature.


I wish the article said how he was caught


Initially, the offending code was password-protected. However:

> While this worked for about two years until May 13, 2016, Tinley's scheme was discovered when he was out of town and he had to give his password to Siemens' employees because of a time-sensitive deadline that required the spreadsheets to work.

Oops.

https://www.bleepingcomputer.com/news/security/siemens-contr...


I experienced something similar early in my career. I was stunned when the old guy who'd been brought in for one day of consulting explained that he'd renamed his parameters with single characters to guarantee future work.

But the GM had already given us a stern warning to show him respect. Also, he got around without the use of his legs. If I'd reacted as I wanted to it would not have gone down well...


> he'd renamed his parameters with single characters to guarantee future work.

Then they hired an intern with compiler experience and suddenly his help wasn't needed anymore


I was recently having a conversation where I speculated that with how bad some programmers are at naming things, some code reviews might actually be easier if you ran them through a code obfuscator first, so you can focus on what the code does rather than being tricked into making invalid assumptions by misleading names.


This gives me a great inspiration for a programming puzzle and learning method:

Replace all variable/function names with generics. Your only job is to give names to every variable (trying to figure out what each does). After you're done you can compare to de-obfuscated names to see if they do what you expected (if they're named sensibly).


Build the MVP!


A bit much on my plate. Care to join in?


Well, kinda. Anyway, legless ahole only got one day of high-rate consulting for his trouble.


Code review should throw his work back at him and tell him to name his variables properly


Back in the days of Visual Source Safe you could roll your system clock forward and check something and it wouldn’t go into effect for everyone else until their clocks caught up. For example, 6 months after you leave the company.


I feel like there is an interesting story hiding under this comment! I would like to hear it. :)


The original PaaS!


Except you have to bring your own platform too! BYOPaaS?


You sound like the manager in that story looking for a way to mark down the fee



