|
|
| Non-WTF Job: C++ Developer at Good Grievance (Ronkonkoma, NY) |
|
|
|
| Non-WTF Job: C++ Developer at Good Grievance (Ronkonkoma, NY) |
| « 2.6: A Roadblock | A Sponsor Thanks & A Fridge Cleaning » |
In early 2004, John was living it up in Argentina at a startup working on a VCI product. For those unfamiliar with Value Chain Integration, in layman's terms it synergizes backward overflow while optimizing cardinal grammeters in addition to allowing customers to parabolize slithy toves at the least embiggoned cost possible. The software's development was handled in Argentina, though there were offices around the globe. They were just starting to pull together a real, live QA team to replace the last QA team (one guy in one of the US offices). They were happily building their software, expanding the team, burning through their VC capital, and entertaining dreams of a huge IPO.
It didn't take long to assemble a full QA team — everyone was excited to work at a startup that was so full of potential. After some brief training, the new QA team was turned loose to do their worst to the in-development application. In a few days, the bug list had more than quadrupled in size. Developers cranked out fixes, and the testers found more bugs.
One issue that kept cropping up was that email alerts were unpredictable. Sometimes the alerts would arrive immediately, sometimes they'd come several hours later than they were supposed to, and more often than not the tester just wouldn't receive emails at all.
After reading the bug report's heading, John sighed. The email alert issue... again. Different members of the dev team had investigated the issue, checked in little changes, only for the issue to crop back up a few days later. They'd pored over the code time and time again, and couldn't find any reason that the application would fail at sending emails.
We've got to settle this once and for all, John thought. The case had been opened by one of the newer recruits on the QA team, Fred. John got up and walked to Fred's desk for a demonstration.
"OK, have a look," Fred said. He filled out a form and clicked a button, then Alt-Tabbed to his email. "So I should have an email now, right?" He hammered the send/receive button. Nothing.
Damn, John thought, hoping the bug wouldn't be reproducible and he could just close the issue and pretend it never happened. John returned to his desk and ran the same test, and it failed again.
This has to be a config- On the verge of a breakthrough, John's thoughts were cut short by his ringing phone. It was a call from the US, but strangely not from one of their US offices.
John: This is John.
Polly: Yeah, hi, my name is Polly. I'm calling because I want you to stop spamming us.
John: ...spamming you?
Polly: According to the CAN-SPAM Act of 2003, any and all electronic mail messages-
John: I'm sorry, Polly, I think you may have the wrong number. We're a tech startup, and we don't do any bulk mailings.
Polly: Does your company own and operate the mail server mail.[company].com?
John: Yes, we do, but-
Polly: But nothing! In the last twelve hours we've recieved... over seven thousand emails from you!
John: Are you sure it's from u-
Polly: And they're still coming in! Our mail server keeps crashing every time we bring it back online! The CAN-SPAM Act is very specific abou-
John: Wait, I'm sorry, I think I know what's happening. Give me five minutes.
During the brief conversation, John was checking up on their mail server, opening a few logs, and checking up on the outbound queue. What he saw was startling.
There were 109,311 messages queued for delivery to test@sdfjgi.com. All of which originated from Fred's system.
During some stress testing, Fred had gotten annoyed and overwhelmed by an avalanche of email alerts; often amassing thousands of emails per minute. As a quick fix so that he could test without destroying his inbox, Fred opened up a web browser and mashed his keyboard to get a random domain name — sdfjgi.com (changed to protect the innocent). When he opened it in a web browser and got a 404, he assumed that meant the domain was unregistered, and that it was therefore safe to bombard sdfjgi.com with tens of thousands of emails.
After the embarrassing incident, they realized that they could make some serious cash if they switched from VCI software into spamming, so that's exactly what they did. Just kidding, they added an option to turn off email alerts and continued testing.
|
The Real WTF: example.org is reserved for testing, so there's no situation where you should be randomly picking domains.
|
Re: CAN-(ACCIDENTALLY)-SPAM
2008-07-10 10:37
•
by
wingcommander
(unregistered)
|
|
Everyone knows that VC capital should be used to buy Aeron chairs and foosball machines.
|
|
I have had a case of a tester misspelling the company name in a config setting and spamming someone. Not quite these volumes though. We fixed it for the testers by giving them a lightweight smtp server. It would count the messages and only keep the last 100 received.
|
|
'Twas brillig, and the slithy toves
Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. "Beware the Jabberwock, my son! The jaws that bite, the claws that catch! Beware the Jubjub bird, and shun The frumious Bandersnatch!" He took his vorpal sword in hand: Long time the manxome foe he sought -- So rested he by the Tumtum tree, And stood awhile in thought And as in uffish thought he stood, The Jabberwock, with eyes of flame, Came whiffling through the tulgey wood, And burbled as it came! One, two! One, two! and through and through The vorpal blade went snicker-snack! He left it dead, and with its head He went galumphing back. "And has thou slain the Jabberwock? Come to my arms, my beamish boy! O frabjous day! Callooh! Callay!" He chortled in his joy. 'Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. I still know it by heart... |
"Q. How many programmers does it take to check a mail queue for pending messages?" "A. None, that's a mail administrator function, so keep your #&^*#$ developer fingers off my *#$#& server." |
|
I worked on a project where a user could upload a data file, which would then kick off a long process that could run from a few minutes to a few hours, and when it was done we would send them an email.
Except ... one day one of the programmers was making a change and accidentally moved the send-email call from right after the "process a record" loop completed, to just inside the loop. So now we were sending an email for each record processed, which was typically tens of thousands per file upload. The Spam police came for us the day we started testing. At least we were only spamming our own organization. |
|
One of my first development projects implementing a web based membership management system.
One of the features was a system that allowed a mass mail to be sent to all members in the system. There were about 7,000 members. After finishing the code, I decided to give it a test run. I thought I had overridden the code that returned the e-mail addresses with my own e-mail address, but due to a mistake, it instead pulled the first person on the mailing list. Then, due to a 2nd defect, the system stuck in an infinite loop mailing the words "Test 123" to this poor user. It sent over 7,000 e-mails before my outbound SMTP server died. I'm a much better developer now :) |
| « 2.6: A Roadblock | A Sponsor Thanks & A Fridge Cleaning » |
Mark:
