by DaiPlusPlus 2420 days ago
My experience with startups lately is if it’s a greenfield project that started within the past 3 years then they’ll do everything by the book: sometimes even down to storing email addresses as hashes in the database (requiring a user to log in first for the software system - and the company - to know their email address).

Older systems which depend on having PII and even financial information as cleartext in the database are the problem - and it’s essentially technical debt with far-reaching consequences, so no-one will fix a system that uses tenants’ customers’ SSNs as a primary-key (yup).

1 comments

I am aware of a legacy system powering a local business which runs on Rails 1 on a version of Debian from 2012 and stores users' passwords in plaintext, downcased.

I have tried to explain so many times that this system needs to be replaced urgently, not for security reasons but because no one actually knows how to use Rails 1 anymore.

I have a Rails 1 product making $10K a year but I don’t have even the ability to log into the box anymore so if even the tiniest thing falls over that revenue is permanently gone for me.

I'm curious about the economics of this - is it big enough to not be worth redeveloping when you consider the income over, say, 3-5 years?

I’m too busy with my kids and my job to deal with it.