by richard_mcp 1293 days ago
I'm confused how this was able to give out money before the new code was submitted to production. The author claims that both she and her coworker tested it before the code was submitted and they ended up with the extra $25k. Was this code only executed on the front end? Were there no checks in the backend to prevent employees from just pulling out whatever money they wanted?
6 comments

The way that things work at this particular company is that you typically test changes in this codebase on your dev machine, but usually the dev machine talks to a prod database.

The prod database is too large to practically have a second copy sitting around for testing. Also, if you tested on some pristine small test database you're going to end up missing bugs that would only manifest with actual prod data.

I get it, but that just seems really dangerous. I hope they have a lot of guard rails and rollback support or something.
They do. Feature flags are part of the culture; you'll typically gate in a very small set of objects that could initially receive any new treatment.
Local was front end stuff, back end was still talking to production.
For some systems in that environment, the back-end for dev was actual production. Keep in mind that wasn’t handing out actual money, it was creating ads credit.
The way she said it ‘crashed’ and you could just reload the page, and that it was frontend work also points to browser JS code?

So yeah I’m curious how that worked too.

As I understand, the frontend and backend code run in a development environment but the funds available were stored in a production database.
As I understand it, the code gave you $25k credit, not $25k actual money.
Yeah but you missed the funny part in front of money.