Your Best Work?

The best piece of work you've ever done?

This is one of those subjective questions you can pose people, and you always hope that there's better to come, so really what we're asking a software engineer is "What is the best piece of software or project you've done so far?"

As technology is always marching on and new ideas are always emerging you can often say you're going to make something better, which is great, but it makes it harder and harder to pick out the best pieces of work from your portfolio.... Do you judge it by the number of users or downloads or how much money it made the company or even how much you were paid to do the work?

Monetarily the most money I've ever made on a piece of software was for a website I wrote in about two weeks in ASP & javascript in about 2002, which netted me the grand sum of £4000 for 80 hours work, literally £50 an hour.  But it wasn't the best work I ever did; I mean (snear) it was javascript.

The most interesting work I've ever done is the work I'm doing right now, but I can't talk about that.

So this leads me back a step to my long tenure at my prior employer, the best work I think I did, was a project to port the existing system to a new hardware platform; this involved reverse engineering the hardware interface and writing a new interface for the hardware abstraction layer for that particular hardware, which worked seamlessly and the whole system was agnostic as to which hardware type it was booted up upon.

This was not how that particular system was engineered, so in about four weeks I not only made the hardware interface an abstract interface, but also developed a test bed for the new hardware and then sewed the two together; four weeks in that environment was an incredibly fast turn around.

And it was extremely enjoyable.

That section of work was one of the best pieces of work I ever did.

Years later the creator of that hardware came to work for the company, he saw his hardware but our software and asked a few pertinent questions, for he thought his hardware was secure and could not be made to work on another platform without his secret sauce.  Let us just say it was fun to NOT tell him quite how I'd done the reverse engineering; unfortunately this reverse engineering nous set me up for the next big reverse engineering jail break required by the company, and it was a totally different kettle of fish and worthy of it's own post later.

Companies : Don't Rush & Ruin your Software!

Why do some companies do software backwards?  I'm not going to be talking about my employer, this isn't a comment about the work I do for them, it's a comment about a company which supplies us, and whom has provided subsystems for us.  Building blocks which we want to stick together into a product... A little like putting together a PC at home, you build the machine, but Intel make the CPU... I hope you're getting me so far...

The problem I have is the increasing number of vendors whom seem to see Software as either, at best, an after thought, or at worst, an evil necessity.

The software in your systems today are the glue which hold everything together, they coordinate the physical to the component level, if you make a great button to turn on a great machine that's fine; if it's mechanical; but if that button is driving a piece of software, a trigger, a service or just a PIC for heavens sake test it, think about it, write the software, try it yourself!

A great chef should never ever deliver a dish to a table before they have tasted it!  So you as a software engineer, as a provider of components, as a system integrator should taste test your own software!

The number of absolutely abysmal software packages backing up otherwise very good products is ever increasing, and it's not acceptable, either as a third party receiving such devices to re-package, integrate & push upstream, or as a consumer spending their hard earned cash on items which then go on to not work.

I review very many things, and many of them are let down by Software, and it's not acceptable; get quality Software Engineers into do your code, don't just pay the tea boy to bash up a script over a weekend!

And if you're not sure about your software offering, you think it might need work, post it clearly and neatly on github (or wherever) for the customer to take a look, don't obfuscate things, don't hide behind great massive Red Wood Tree style tall stacks of build tools.  Because as much as I like Docker & Yocto & CMake & Make & Gradle and all the others I've used right down to DOS Batch files or Bash Shell scripts, if they don't work for the customer, if they need their machine setting up a certain way, with a certain set of libraries DO NOT blame the customer when they turn around and reject your product because your documentation is utterly lacking in depth or accuracy!

The Hack

I've been off work, obviously with my feet, however, I've also been off because I've moved house, which took just over a week.  There are a couple of bits and bobs left at the old house and the sale is progressing, whether it all gets done for Christmas and the wife and I can actually celebrate is anyones guess.

Those events are however not what I want to talk about today, no todays topic is one of the systems under my control being the subject of a hack, a successful hack too.

I've been in this game a long time, I've administered Unix, VAX VMS, Sun Solaris, Windows and Linux servers, I've seen access attempts, heard social engineers (cold callers) and even found evidence of folks trying to pick locks to server and switching equipment cabinets.

Until this hack however I'd never lost control of a machine, never had any damage done, and never expected such a strange attack.

The target machine for these problems was a Windows 7 32 Bit virtual machine, being used as a development box with an externally open port to a fixed IP on the local LAN, which the IT Admin had wired upto the company external IP Address and a third party company routed a tunnel through our firewall.

Through this single IP/Port combination the Windows machine was compromised...

Oddly, and quite annoyingly, the IT Admin immediately pointed his finger at one of the pieces of software I was running "Apache"... Could you imagine the uproar in the world at large if Apache web server had a vulnerability which allowed the kind of hack I'll detail later?... Let me just say, I ribbed him back about it, but his inert and instant finger pointing away from what I believe the true problem child annoyed me.

The other software being run on the machine was Visual Studio 2013, whether that is vulnerable, I don't know, perhaps however one would expect some evidence that online/connected services being used by Visual Studio were accessed, some log or trace, and there aren't any, the only traces left were in the Windows logs (event viewer).  Reinforcing my annoyance at the finger being pointed away from Windows.

The user software being operated did not contain any code to do the actions carried out on the machine, indeed only Windows contains the ability to do what was done, so this was the final nail in the coffin for me Windows was to blame.

What was the hack?  You know what, I have no idea, having gone through the evidence and checked I have no idea what allowed the activity, however here's my general pattern pulled from the event viewer.

Thursday 13:30  Machine left in Idle.

Friday 03:01  External Access Logon Requested

Friday 03:03  Logon negotiated with null GUID

(This logon was never listed as successful, only that it was negotiated, I therefore suspect an IP Spoofing attack or some kind).

Friday 03:04  Logon elevated to grant all tokens

Whoever this was, they spent about three hours poking about insude the machine, then logged off.

Saturday 03:01  Logon negotiated with null GUID

Saturday 03:01  Logon elevated to grant all tokens

Saturday 03:03  All user accounts set locked

Saturday 03:13  Volume Shadow Copy started

Saturday 03:23  Volume shadow Copy crashed

Saturday 03:24  Unknown Application reported 100% CPU

Saturday 03:38  New user account created with name "hahaha"

Several more shadow volume copies occur, then this person logs off.

Sunday 04:13   hahaha logs on

Sunday 04:15 All user accounts set to disables, except hahaha

Sunday 06:38 hahaha logs off

Sunday 06:39   Machine shutdown by hahaha

That's what they did, not a lot I admit, however, we have the times this happened, we have the Event View log as proof, and we pay a company to look after the company firewall... So they have access logs right?... Right?... RIGHT?...

Nope, apparently it is too much hassle to check the logs, and according to one source "we get port scanned 100 times a day, what's the point of chasing down one hack?"... erm because they got in... they didn't just scan they got in, and for the life of me I can't figure out how.

Windows was patched, firewall was on, only a none-standard port was open and it was only listening with a custom application with a specific and narrow role to carry out...

Everything else on the machine was not available to that port, or on the second network adapter in the machine!

Road Rage - Company To Be Named

I'm going to put this out there, because it bugged me to all hell, I'm currently enquiring with several companies whom all shared similar names to find out who operated the vehicle in question, because, I was a victim of road rage.  Not once, but twice, to this moronic driver who in a company vehicle a) could not read the road markings and b) was utterly in the wrong, and then blocked the road to have a good shout at me.

So, what happened, well coming through Long Eaton and the main Nottingham road spans two traffic islands, both have two lanes approaching and then two lanes leaving, both lanes go straight on AND turn...

But on the second island so many people simply do not read the road markings they assume the right hand lane is straight on, and the left land just goes left.

THEY ARE WRONG, and even assuming this is incorrect as by default on islands the left lane is left & straight on whilst the right lane used to be right or straight on and you indicate appropriately...

Anyway, here we have two lanes, to two lanes to two lanes, it is very simple, after the second island in the chain traffic then merges... Lets look at what the highway code has to say about merging and Lane discipline...

Section 7 - 133

If you need to change lane, first use your mirrors and if necessary take a quick sideways glance to make sure you will not force another road user to change course or speed. When it is safe to do so, signal to indicate your intentions to other road users and when clear, move over.

Okay, so if YOU need to change lane... all this applies, did this guy who pissed me off need do this?... No, he was behind me... he was merging into my lane, I was on the left he was on the right, his lane ended and traffic was merging in turn.

Why merging in turn?.... Well the highway code says it...

Section 7 - 134

You should follow the signs and road markings and get into the lane as directed. In congested road conditions do not change lanes unnecessarily. Merging in turn is recommended but only if safe and appropriate when vehicles are travelling at a very low speed, e.g. when approaching road works or a road traffic incident. It is not recommended at high speed.

So it is recommended but only if safe and appropriate... Well it was safe, traffic was slow, a head of us everyone was merging into the left and all was flowing well....

However, then this moron comes down the right hand lane, and he wants to be in front of me, or perhaps he thinks we drive on the right in the UK and that everyone was merging with the right?... or just perhaps he was such a cock-bite that he believed the world revolves around him and his kid in the passenger seat and the traffic should flow around him?

Either way, he's neither indicating, nor merging, he's just beeping, flashing his lights and screaming at me.  I can see this in my right mirror, becuase unlike him I'm using my mirror.

Everyone was looking at this fool, and he beeps and he's causing the hazard but there's nowhere for this idiot to go, a head are pedestrians and cars in a chevron turning area going right down the next road.

So he's come down the right, pushed a head of everyone and then wants to just push in, and its suddenly me at fault, he's no indicating, he's not glanced left at the vehicle which was behind me... And he's ranting, so he gets my middle finger.

Yes, I'm sorry to say, I rose to the bait and he got my finger, but I'm so sick of cock-bites doing this...

And what wound me up more... This is a company liveried vehicle he's in, he's in a company vehicle, he's currently at that moment an ambassador for his company....

I've made this point to other companies before, if my staff were in vehicles with my company logo plastered all over them then I want a level of decorum from them, even if joe public was in his way he should bite his fucking tongue because he's not in his own vehicle he's in his bosses, he's representing the livelihood of not just himself but his co-workers and the whole supply chain around that company.

And to be frank, if this moron can't drive, I don't want him or his company doing business with me or any company I work for, and once I've made certain the identity of the company in question I will be blacklisting them based on this moron's instability and lack of humanity.

Not only for his clear anger issues and lack of skill behind the wheel, but because he was driving around in this company vehicle and ranting like this with a child in the passenger seat.

I don't know, it maybe perfectly acceptible to drive aroundin a company vehicle with your child, it maybe find for him to drive this vehicle on a Saturday on what looked like a personal errand, it maybe his company, who knows... But personally, I'm done.

I have the registration plate and I'll be updating this post as soon as I have any official reply from the three possible companies (as they all have similar names and livery colours).

But in the mean time, lets take a look at the road....

This is the approach into Long Eaton, from Nottingham, onto the first traffic island, as you can see two lanes, both straight on or turning left & right accordingly...

This is the gap between the islands, again two lanes and we can clearly see both are straight on lanes or turning alternatively...

We can see the lane delimitation even on the island, there are two lanes onto and off of this island.

And then the merging in turn happens here...

Looking from overhead, here is where this moron decided to start ranting and raving.

And once the traffic moved on, he then thought it approproate to stop once again at the turning to Bennett Street, where I was going, he pulled up along side me and continued to scream...

This is the reason he's going to be listed on here for all eternity and the world let know, because it's not acceptable, not in your own car certainly, but definiately not in a company car where you're representing the prestige of your employer... That company now has zero prestige, and I'm going to inform my family, friends and employer (who between them own five different businesses and my employer turns over several hundred billion euro's a year - and would possibly be interested in the type of business this moron works for) not to consider this company.

Black-listed, black-balled, moron'ed into obscurity because he was not an ambassador for his brand, he was wrong and instead of thinking "Hey, why is everyone looking at me?" no he thought it appropriate to scream not once, but twice at me, in front of his own child too.... zero work ethic, zero self awareness, just a zero in life!

British Gas - Aggravating, Annoying, Obtuse Asses

I'm going to lay this out straight, British Gas are utterly shite.  We constantly get hassled to pay bills, which are already paid, we get letters in the post days even up to a week after we've actioned changes, payments or readings and basically get constantly nagged by them.  It is really starting to grate with us... Not least little things like this:

You go to send them those readings:

Fear not however, because with this cock up already showing they then SMS text you more requests for the readings, and when you log on and get told the system us down, they repeat send the e-mail... And no doubt they'll be calling me tomorrow during office hours to interrupt my day and nag me some more.

But, today the last laugh is on my side, because today we've taken over a new solar grill oven.  No more gas hob for us.  So our gas usage is going to plummet significantly... Lets see how their system works that out, because the last time I cut gas use - by turning the gas boiler off for a fortnight - they complained that we were not using enough!

Yes, a company supposedly dedicated to reducing carbon fuel use, to serving its customers... "Hey you, you've spent too little", makes me want to puke.

New Company Culture... be Obstructive

It is a new world we live in, with new rules and new concepts... Here's a concept for you... I mentioned a few weeks ago I was working on the Raspberry Pi at work...

Well, that work is near completion, so I went to ask "Where are the Pi's belonging to the company?"... Since we've been working exclusively on hardware I bought and brought in, I thought it a little strange we've still not seen any actual kit belonging to the company.

And the answers I got, from two different individuals, begger belief... First I was told... "We're not ordering anything until its all proven they can work"... They do work, and the Raspberry Pi use is only a stop gap measure whilst the real hardware team work on things, but we need to do a demo of this for a trade show in February and the real hardware will not be ready until June, so the idea was to use the Pi and get proof of concept and demo done...

Well, the proof of concept is ready, we just need real company Pi's to run it on for the demo... I point this out.

"Well, we can't just order them, they have weeks and weeks lead time on RS & Farnell".... he is right, they do... "so we've not bothered to order them yet, until the lead time gets shorter"... The logic of this one started to make me boil.  They take a lot of time to deliver, so we won't order until the time to wait is shorter... so rather than wait and get that time over with so they turn up soon ish, they're waiting to wait for their wait... and then ordering them whilst not waiting... the logic... just... makes me cry... Order the things now, get them in the pipeline, then IF we can't get them before January 14th, hit ebay.

Or, better yet, order them from ebay sellers (like I have personally) now and get them next week (like I did and my boss did and the head if IT did and the hardware department did)... No, we can't use a company credit card on ebay... You don't you tard, you use the credit card with PayPal, which is safer than you're clearly aware of with your "t'internet is too new" attitude.  Get with the times, order the things on ebay... No...

Right, I'll order them, and the company can give me the money back as petty cash, or in my next pay day... "No because"... get ready for it... he actually said this... "no because that looks like the company is buying you special toys".

Special Toys... And buying Me...?... So, I bought something the company needs, which I already own and hence don't actually need any more of, and then I charge the company for the equipment it will own and he says it looks like the company buying me toys.

So, at this point, I went to ask a higher power... A director no less... His attitude...

1. We can't buy them until you prove their purpose

2. We shouldn't be using your personal ones

3. We can't buy off of ebay.

So... I'll just delete all this work then, put a hammer through my own personal Pi and wait for Farnell or RS, with the huge long lead times?

And, this whole they won't pay for things on ebay... I bought a book, £45 worth... It proved so useful the company simply took the receipt and paid me the difference back in my wage packet... WHAT IS DIFFERENT BETWEEN THAT AND MY BUYING THESE PI'S AND CHARGING IT BACK?

I swear to god, when you're bringing into your work better tech than they purchase and you are offering every possible avenue to not block work and progress, and all you get is slogging messy stupid obstructive attitudes it really sucks the life out of your efforts.

I have just had a massive rant about this situation to my manager, his answer... go and tell the original idiot I was ranting... Not tell him why, not empathise with my frustration, or even just tell me to calm down, no, his answer was... "haha, he's ranting"...

It is all so tiresome... If I just didn't bother, NOTHING would get done around here... and with NOTHING getting done, I'd be the first fired, this is the irony of it all.