[Info-vax] OS implementation languages
Dave Froble
davef at tsoft-inc.com
Mon Sep 11 14:05:15 EDT 2023
On 9/11/2023 1:36 PM, Simon Clubley wrote:
> On 2023-09-11, bill <bill.gunshannon at gmail.com> wrote:
>> On 9/11/2023 9:09 AM, Simon Clubley wrote:
>>> On 2023-09-11, bill <bill.gunshannon at gmail.com> wrote:
>>>> On 9/11/2023 8:42 AM, Simon Clubley wrote:
>>>>>
>>>>> If you can turn on those features, it means you can run PHP with
>>>>> them turned off. It's no different from writing SQL code without
>>>>> doing any sanitisation of input.
>>>>
>>>> Unless your boss says "I want them on."
>>>>
>>>
>>> Then you put it in writing why it is such a bad idea and get confirmation
>>> to proceed also in writing. You also CC your coworkers and others so
>>> that when it goes wrong, you can prove you are not to blame.
>>>
>>
>> Simon,
>> You need to come live in the real world. The boss doesn't need
>> to do anything you want him to do. And bad mouthing him to your
>> coworkers is very likely to just get you fired.
>>
>
> I do live in the real world Bill. I live in Europe (well, OK, the UK,
> but it's a part of Europe).
>
> Around here things are a bit more civilised than you are clearly used to.
>
> And who said anything about "bad mouthing" ? That's _NOT_ how this is done.
>
> What you do is to _politely_ and _factually_ write an email confirming
> what you have been told to do, and to explain why, by the industry standards,
> this is considered to be a bad thing and what the risks are.
>
> You then ask your boss outright if they want to proceed anyway. This simple
> act may make them reconsider what they asked you to do.

I had a customer in the past that decided to store, unencrypted, customer
credit card info and checking account info. On Microsoft's IIS web server.
I explained that this was a bad idea. Their response, "everybody does it".

I think they didn't like my bluntness, since I haven't been asked to do more
work for them.

> Depending on how serious the thing is you are being asked to do, you may
> also BCC the HR people. They don't care about you (that's not their job),
> but they do care about the company they work for.
>
> By using a BCC, it gives them the option to quietly see if there is a
> problem, and to have a quiet word with your boss, while also giving you
> written confirmation you tried to warn people.

And HR just might have a quiet word with the boss about the "trouble maker".

> If the company OTOH fires you for this then, _if_ you were polite and
> factual, that company is now in _serious_ trouble, at least in Europe.

And you think they cannot come up with some other reason to fire you?

Not sure about your claim to be living in the real world.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486