by chaps 1223 days ago
These stories ring so, so true. Once worked at a company whose infrastructure issues were so deep and festering that after fighting a fire, my boss told me, "If you go to the press about this, the client will sue us and everyone who works here will lose their jobs."

That's what I never understood about this story; did you guys have any suspicion it would dump radiation into the patient all at once, or was this like a concurrency bug?
We weren't able to reliably install security daemons on a client's machine because the entire automation system didn't account for autoscaling. The issues were raised well before I joined and the project head legitimately didn't understand it as a problem that needed solving. The hosts were for a presidential candidate's webserver, and they noticed the webservers were missing security daemons days before the election.
> security daemons

AKA compliance checkbox crap?

If infrastructure is immutable (which makes it work even better for autoscaling), nothing new will get installed unless you build a new image. Export whatever data you require to ensure things you want to be running are running. Monitor entry and exit points.

What is left for the "security daemons" to do?

Maybe I'm missing a joke, but was your client HRC's campaign?(?!)
I think she should have gotten more hacker cred for running her own mail server.
Right? Of all things to self host.

Although if it was an IRC server then that would have been truly 1337.

Did HRC's campaign website get hacked? I know her mailserver was hacked, but that was when she was secretary of state, no?
That's not important and this ain't the place to ask otherwise they'd have told us.
> this ain't the place to ask

Am I double-whooshing here?

How is a Hacker News comment thread not the right place to respectfully ask questions in response to interesting comments? I know I'm not entitled to an answer, nor do I intend to start a flame war. Sheesh

There's nothing respectful about asking something that someone has very blatantly made a deliberate decision to leave out of their post, for completely understandable reasons.
It is personal information that risks identifying them more than they already had at the time of posting. It took about two seconds to put everything together. I don't have a dog in this fight politically one way or the other, people don't need to identify themselves IRL here.
Lol
jeez that's a rough spot to be in. did you stick around to fix it or just get the hell out of dodge after that?
I did what I could with a handful of selenium scripts, then hit a roadblock because we didn't have ssh access to a chunk of the autoscaling hosts. Gave up after that, told the customer rep to tell them we can't do it, and gave my two weeks' notice about a month later.
Ouch, that has to be rough to endure. I'm glad you seem to be in a better place now. Good on you for doing the right thing and getting the hell out of there when your options ran out.
are "security daemons" truly necessary though?

this whole thing sounds like a troll with enough convincing language to seem plausible

We could debate security daemons until our minds bleed, but.. man, I wish that all didn't happen.
Without the security daemons you risk a flux capacitor overload and that leads to it being exploitable via pointer wraparound.
in that case I'll throw on my wraparound shades..

and deal with it

Huh? Are you assuming that the parent comment is about someone programming a medical device?
I think it's a meta joke - Therac-25 (https://en.m.wikipedia.org/wiki/Therac-25) was a radiotherapy machine from the early 1980s and is (in)famous for having software that failed and killed, I think, dozens of people. It's become a well-known case study, but it's highly unlikely anyone on HN worked on it - I think that's the joke.