I spent a decade working in insolvency.
When we were going into a business that had failed the question was “Are the idiots, criminals or both?”
One highlight:
A boat sales / marine business goes bust. When we arrive with the paper work and seize the place there are about a dozen new boats on the lot worth several million. We change the locks on the gates.
Arrive the next day, the gates have been busted open and several million in boats are now missing. We look up the addresses of the owners (one of them lives on acreage) and drive to their property…from the road we can see the boats stashed there. Really smart guys.
So we call the police. Someone inside notices use there and decides to flee with one of the boats, it is huge but they think they can get away.
We then have the slowest car chase in history as we calmly follow this guy towing a boat on a trailer down the road while talking to the cops to meet us.
Several years ago, when I was more just the unofficial office geek, our email was acting up. Though we had Internet access as normal. At the time, email (Exchange) was hosted on-prem on our server. Anything server related, I’d contact our MSP to handle it. Which usually meant they’d simply reboot the server. Easy enough, but I was kinda afraid and hesitant to touch the server unless the MSP explicitly asked/told me to do something.
I reported it to our MSP, expecting a quick response, but nothing. Not even acknowledgment of the issue. This was already going on for like an hour, so I decided to take matters into my own hands. I went to the server, turned on the monitor…and it was black. Well, shit. Couldn’t even do a proper shutdown. So I emailed again, waited a bit, and again no response.
Well, if the server was being unresponsive, I figured a hard shutdown and reboot would be fine. I knew that’s what the MSP would (ask me to) do. What difference was them telling me to do it versus just me doing it on my own? I was going to fix email! I was going to be the hero! So I did it.
Server booted up, but after getting past the BIOS and other checks…it went back to black screen again. No Windows login. That’s not so terrible, since that was the status quo. Except now, people were also saying Internet all of a sudden stopped working. Oh shit.
Little did I know that the sever was acting as our DNS. So I essentially took down everything: email, Internet, even some server access (network drives, DBs). I was in a cold sweat now since we were pretty much dead in the water. I of course reached out AGAIN to the MSP, but AGAIN nothing. Wtf…
So I told my co-workers and bosses, expecting to get in some trouble for making things worse. Surprisingly, no one cared. A couple people decided to go home and work. Some people took super long lunches or chitchatted. Our receptionist was playing games on her computer. Our CEO had his feet up on his desk and was scrolling Facebook on his phone. Another C-suite decided to call it an early day.
Eventually, at basically the end of the day, the MSP reached out. They sent some remote commands to the server and it all started working again. Apparently, they were dealing with an actual catastrophe elsewhere: one of their clients’ offices had burned down so they were focused on BCDR over there all day.
So yeah, I took down our server for half a day. And no one cared, except me.
I worked at a sandwich shop and had given my two weeks notice a few days earlier. My manager came to me and asked me to clean up the bathroom…alright. I could smell it before I even opened the door.
I told my manager I’d clean it if he’d still give me the employee discount after I was gone. “Done”. That’s when I knew it was really bad.
When I opened the door I discovered someone had ass-blasted the bathroom. I’m not talking about blowing up the toilet, they did that too, but they had dropped their drawers and point-blank diarhea shotgunned the pipes under the sink.
My manager didn’t honor the employee discount after I was gone, either.
My manager didn’t honor the employee discount after I was gone, either.
They never do. I had a manager try that shit on me when I was working food service, and I turned it around on him and made him get one of his toadies to clean it up after talking a bunch about “not being trained for biohazard cleanup” and “OSHA regs” which got him to back down, and I told all my coworkers the same so they’d tell him to fuck off too.
Still wish I could have been there when the feds showed up and escorted him out of the building.
Come back and return the toilet to the state you found it in.
Then the next employee gets the same deal, and the cycle of shit continues
We really honor our hunter gatherer ancestors by passing down these stories
An isolated shingle spit nature reserve. We’d lost mains power in a storm some while back and were running on a generator. Fuel deliveries were hard to arrange. We’d finally got one. We were pretty much running on fumes and another storm was coming in. We really needed this delivery.
To collect the fuel, I had to take the Unimog along a dump track and across 5 miles of loose shingle - including one low causeway stretch through a lagoon that was prone to wash out during storms. We’d rebuilt it a LOT over the years. On the way up, there was plenty of water around there, but it was still solid.
I get up to the top ok and get the tank full - 2000L of red diesel - but the wind is pretty strong by the time I have. Half way back, I drop down off the seawall and reach the causeway section. The water is just about topping over. If I don’t go immediately, I won’t get through at all and we will be out of fuel for days - maybe weeks. So I put my foot down and get through that section only to find that 200 meters on, another section already has washed out. Oh shit.
I back up a little but sure enough the first section has also washed through now. I now have the vehicle and a full load of fuel marooned on a short section of causeway that is slowly washing out. Oh double shit. Probably more than double. Calling it in on the radio, everyone else agrees and starts preparing for a pollution incident.
In the end I find the firmest spot that I can in that short stretch and leave the Moggie there. Picking my route and my moment carefully I can get off that ‘island’ on foot - no hope with the truck - BUT due to the layout of the lagoons only to the seaward ridge, where the waves are now crashing over into the lagoon with alarming force. I then spend one of the longest half-hours I can remember freezing cold and drenched, scrambling yard by yard along the back side of that ridge and flattening myself and hoping each time a big wave hits.
The firm bit of causeway survived and there was no washed away Unimog or pollution in the end - and I didn’t drown either - but much more by luck than judgement.
These days I am in a position where I am responsible for writing risk assessments and methods statements for procedures like this. It was another world back then.
That is seriously some action movie shit
My first week on a new job I ran a DELETE query without (accidentally) selecting the WHERE clause. In Prod. I thought I was going to get fired on the spot, but my boss was a complete bro about it, and helped with data restore personally.
Everyone at that company was great both professionally and personally. It’s the highlight of my 30+ year career.
That’s the employer’s fault for making it so easy to connect to prod with read-write permissions. Not your fault.
+1
We have read only access.
Also transactions are good ideas.
Also my database tool (the one built into pycharm) warns and requires you to hit submit a second time if you try a delete or update without a where. Discovered this on local where I really did want to update every record, but it’s a good setting.
At my last job I was given write permissions to production and I asked for read only credentials instead, I know my own stupidity
Alt tabbed once too many times, clicked drop database, clicked yes. Realized what I’d done and panicked.
Deleted the user db for the east coast auth server for the game America’s Army: Operations. Thankfully it was the secondary so we just redid replication.
Sharing my story for posterity.
I used to work at a medical center for old folks with varying disabilities. It was a great job all things considered, just didn’t pay very well and the scheduling was a mess.
Anyway, one day I’m cleaning tables on the dining room when I hear on my walkie talkie that one of the new people need help with a guy in the bathroom. Usually “they need help” means “something has gone awry, please unfuck the situation” and, since I was the supervisor on shift, my job frequently involved untucking a situation.
I arrive outside the bathroom door and the new employee tells me that she walked into a situation that she wasn’t prepared for. I figured it was some poop, or the guy fell asleep on the toilet or something.
I walk in and the walls were all painted with poop. The sink was painted with poop. The floor was painted with poop. The paper towel dispenser had poop all over the front of it.
The poor guy had gone to the bathroom, got confused and tried to remember what toilet paper was. He saw me and knew I was there to help, but he was nonverbal. His way of saying thank you was to gently take his hand and rest it under your chin.
He did so, but his hand was also still covered on poop.
I’m used to poop. It’s a normal job hazard in that line of work. But something about having to clean myself and every surface in the room from caked poop while somebody else gave the poor guy a shower…that kind of story sticks with you. To this day I can’t look at finger paints without feeling a little queasy.
Your story makes up for the non-work related stories in this thread. It’s both work related and shitty lol. I’m sorry you had to go through that.
I’m sorry, that sounds like a really shitty day.
Now that i think about my first job was fucking wild.
My buddy was in a forklift taking some stock down and i was spotting, basically just hanging out and making sure no one got in the way. A few minutes after the normal time it’d take he thinks something is wrong and calls me to take a look (from afar) to see how fucked we are; the answer was very, the pallet was barely holding together at all, but i couldn’t see a damn thing from my position. Before i could get back to spotting we heard a loud crack and the world went still, i imagine for much longer by him, and not a second later we had hundreds of pounds of foul smelling mulch everywhere.
I had a lot more there too; babysitting an old man that looked on the verge of death with no management anywhere to be found, moving hundreds of pounds at a time by hand, dealing with the best conspiracy theorist ever.
I’ve been bored everywhere else I’ve ever worked.
There’s something about physical labor jobs that result in everybody having one story about babysitting somebody who is actively dying
what do you mean, the best conspiracy theorist ??
I used to work at a car dealership. One day I had to use a bay in a different building because my usual workplace was occupied. The other building had a lift that I hadn’t used before.
Anyways, I drove the car onto the lift, got out and placed the arms of the lift under the jacking points like I had done a thousand times before. I raised the lift a little and checked if the placement was still correct. It looked good, so I raised the car to a medium height. When I looked again, I realized that this lift had a central platform that was also raised and was set about 20 centimeters higher than the four arms that usually lift the car.
This 90.000 Euro SUV was basically balancing on a 180x50cm piece of metal right in the center. I managed to lower it down safely but my pulse goes up just thinking about that day.
My better ones are too legally dubious to post, but I do have one about fairly mundane office drama.
A coworker once dropped some particularly angry comments about a manager in the work chat instead of our private one. I panic post some inane shit to try and hide it before hurriedly tabbing over to the private chat to tell her to delete it. Too late. Along with a very clearly ‘upset but trying to be professional’ reply, there are some ominous words spoken about how this proves the existence of our private chat and action will be taken if this is the kind of thing being said in it. But it’s clock out time for our manager and on a Friday so it gets shelved until Monday with no action taken.
Our private chat wasn’t exactly secure so there was fair chance our bosses would access to it. I spend the rest of my work hours that day scrubbing it of the most damaging things I had said while trying to leave enough unflattering stuff that it looked somewhat natural. It wasn’t particularly spicy all told, it was mostly just “how to do x?” without sounding incompetent in front of people who dictate whether you get paid or not, but better safe than sorry. We’re still sure that our coworker who dropped the bomb is going to get shit canned though.
Monday comes around and we’re all waiting for the hammer to come down. Each moment that goes by we expect the retribution is going to be worse. Around midday I realize we’ve got a different manager than usual overseeing us, but the usual is still clocked in. I spot a bunch of higher ups have away messages saying they’re in a meeting and have been for hours. Then in our work chat comes a “x is typing” from one of them, who very rarely says anything there. I message one of my coworkers putting my bet that this was it and to brace for punishment.
The typing message from this person goes on for a good 20 minutes. It’s going to be a big one.
The message finally comes. Our coworker was fired.
…and so was everyone else except myself and one other person. They were getting laid off. The meeting I noticed wasn’t about our punishment, it was an emergency meeting because an important contract hadn’t gone through. Company got gutted.
I feel like, if one contract falls through and your company is in shambles, it wasn’t a very good company.
My first salaried job was also my first proper IT job and I was a “junior technician” … the only other member of IT staff was my supervisor who had been a secretary that got a 1 week sysadmin course and knew very little.
The server room was a complete rat’s nest and I resolved to sort it out. It was all going very well until I tripped over the loose SCSI 3 cable between the AIX server and it’s raid array. While it was in use.
It took me 2 days to restore everything from tape. My supervisor was completely useless.
A few months later I was “made redundant”, leaving behind me everything working perfectly and a super tidy server room. I got calls from the company asking for help for the following 6 months, which I politely declined.
It’s always fun when a job calls you up after you’ve been fired to ask how to do the things they didn’t know you were doing
Yep, I remember in one job I was at for 8 years a manager 2 levels up complemented me for sorting out the networking for a re-arrange of our own office … I was gobsmacked because I’d been managing a whole network and server upgrade for a client that involved well over 1000 users at the time yet an hour of fiddling with wires under desks was the only thing that got his attention.
One job I was fired from and rehired within the day, after they quickly realised that I was their only Android developer and they couldn’t build an app with just hopes and wishes. They fired me again later, which they quickly regretted since I was the only one with the signing key (meaning they couldn’t update the app).
deleted by creator
Yeah, I got laid off twice more before switching careers. Both times they wanted me to come back and fix stuff after letting me go.
It goes hand in hand with the “if someone works hard, they should be given more work as a reward” line of thinking.
I have a small PC I use for exposing a private PC to the wider web via nginx proxy. It had two accounts on it: mine, and one I called “remote” with some basic password I set up to forward the proxy connection.
One day, this machine started making 100% CPU noises, for several hours. Wtf? I check the processes and a Tor node had been setup and was transmitting gigabytes to some Russian IP.
My brain goes into panic mode, I kill the process, wipe the remote user, and eventually pull the Ethernet plug.
I wish I hadn’t wiped the user directory as I wanted to know what was being sent and where. Nonetheless the logs showed that several Russian IPs had been attempting an SSH brute force for literally months and one finally guessed “remote” and weak password I set for it.
I have decades of experience on Unix system, and I cringe having made such a rookie mistake.
Lesson learned: change the default SSH port to a transient port, have one dedicated SSH user with a non-standard username, and use auth-key entry only.
I still wonder what was being sent over that Tor node, and why it required all the CPU cores. My best guess is crypto mining, or it was used for a DDOS attack net somewhere.
Obfuscation is not security, changing the port doesn’t increase your security
I see this claim all the time, and it bugs me every time. Obfuscation is a perfectly reasonable part of a defense in depth solution. That’s why you configure your error messages on production systems to give very generic error messages instead of the dev-centric messages with stack traces on lower environments, for example.
The problem comes when obscurity is your only defense. It’s not a full remediation on its own, but it has a part in defense in depth.
Changing the port isn’t really much obfuscation though. It doesn’t take long to scan all ports for the entire IPv4 range (see masscan)
It helps against stupid automated attacks though.
If someone has changed the port it’s likely that they have set up a great password or disabled password auth all together.
It’s worth it for just having cleaner logs and fewer attempts.
It’s worth it for just having cleaner logs
Those logs are useful to know which IPs to permanently block :)
I hear you, but I disagree:
It buys you enough time to check the journals and see that a group of IPs have attempted various ports giving you enough time to block the IP altogether.
It also buys you disinterest from the malicious host, since probably there’s a hard limit on how many ports they will test, and they will flag your machine as “too much work” and try another.
Again, I agree with you that obfuscation is not security, but it sure does help.
I broke the home page of a big tech (FAANG) company.
I added a call to an API created by another team. I did an initial test with 2% of production traffic + 50% of employee traffic, and it worked fine. After a day or two, I rolled out to 100% of users, and it broke the home page. It was broken for around 3 minutes until the deployment oncall found the killswitch I put in the code and turned it off. They noticed the issue quicker than I did.
What I didn’t realise was that only some of the methods of this class had Memcache caching. The method I was calling did not. It turns out it was running a database query on a DB with a single shard and only 4 replicas, that wasn’t designed for production traffic. As soon as my code rolled out to 100% of users. the DBs immediately fell over from tens of thousands of simultaneous connections.
Always use feature flags for risky work! It would have been broken for a lot longer if I didn’t add one and they had to re-deploy the site. The site was continuously pushed all day, but building and deploying could take 45+ mins.
Always use feature flags for risky work! It would have been broken for a lot longer if I didn’t add one and they had to re-deploy the site. The site was continuously pushed all day, but building and deploying could take 45+ mins
This reminds me of the old saying: everyone has a test environment. Some people are lucky enough to have a separate production environment, too.
Two nights ago I had a random meeting with the CEO, who I have a really good relationship with, added to my calendar. Thought nothing of it.
I entered the zoom call and said ‘so am I getting fired?’
The answer was yes.
Awkward silence ensued for a minute until they started telling me about the severance package.
Side note: I can try to negotiate that severance a bit right?
Urgh yeah I had one of those. A “small quick meeting” that makes you think they just want an informal update. Nope, its the getting fired talk. Still, turned out to be a blessing.
Mine sucks because it’s the best job I’ve ever had. Planned on staying as long as they’d keep me (just under 5 years it turns out) and had no plans at all to even poke around at other roles.
The silver lining is I’ll prob get a nice pay increase since I’ve been pretty underpaid at this place as it’s an NPO.
Definitely negotiate that severance. What a shit deal
How do you negotiate severance? Don’t you have zero leverage in that situation?
Some severance packages will have a non disparagement clause in it, or they’ll say you can’t recruit people to xyz competitor for a number of years. You can then say “yes I can do that, but if and only if you give me 20% extra of my estimated salary”
deleted by creator
A coworker once did a bad pull request and knocked down all the Canadian servers. God bless
