Mixing
Being one-man-army and end up “strong-armed†[closed]
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
2
down vote
favorite
I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.
I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.
Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):
Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage
Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)
It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)
Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).
I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.
So after long description (for which I apologise and tried to keep as short as possible) my actual questions:
- How should I proceed to escalate my concerns, if they are closed friends with the CEOs?
- Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)
- Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?
Again sorry for the long post and if anyone would like private discussion I am all for it :)
Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages
software-industry ethics
edited Apr 13 '17 at 12:48
Community♦
1
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
suggest improvements |Â
up vote
2
down vote
favorite
I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.
I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.
Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):
Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage
Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)
It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)
Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).
I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.
So after long description (for which I apologise and tried to keep as short as possible) my actual questions:
- How should I proceed to escalate my concerns, if they are closed friends with the CEOs?
- Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)
- Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?
Again sorry for the long post and if anyone would like private discussion I am all for it :)
Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages
software-industry ethics
edited Apr 13 '17 at 12:48
Community♦
1
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41
Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46
If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02
You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08
suggest improvements |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.
I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.
Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):
Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage
Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)
It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)
Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).
I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.
So after long description (for which I apologise and tried to keep as short as possible) my actual questions:
- How should I proceed to escalate my concerns, if they are closed friends with the CEOs?
- Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)
- Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?
Again sorry for the long post and if anyone would like private discussion I am all for it :)
Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages
software-industry ethics
edited Apr 13 '17 at 12:48
Community♦
1
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
I have went through How to deal with an incompetent colleague? and How should I handle an incompetent coworker?, but I feel my case differs quite a lot.
I started working at my current workplace - which is private educational institution in the UK - about 6 months ago. I am quite advanced PHP developer and have about 5 years of work experience. However, despite being 23 years old I am currently a student in the given organization (almost finishing), I was invited (or requested more or less) to work for them full time on the Virtual Learning platform they ware developing, without me looking for a job (I had dedicated my time to being a student there and was supporting myself just fine). At the end of the interview I was asked prior to starting in the beginning of next week to - quoting - learn Classic ASP 1, I explicitly mentioned that I am a PHP developer (which I said beforehand, when explaining what my skill-set is) then the conversation went in to the direction that the software will be "converted" in to PHP.
Once started I realized that the software was written in Classic ASP, being operational since day 1, which was about 3 years ago and currently being offered as a service to others (kind of a SaaS). A lot of times I noticed that there are obvious major security flaws and I notified my team member to which he replied (emphasis mine):
Don't worry about security. At the moment we are building everything, once all is ready and it is working we will start adding layers of security where needed and it will be OK.
I don't know why you are worried about security at this stage
Which raised a few red flags, however I considered that when we start rewriting it everything will be done properly. (I didn't knew that it was operating for so long nor that it was being resold)
It has been a few months now and the only tasks which I am required to carry out are to make security flaws in applications which work properly for the purpose to "integrate" them (resulting in automatic log-ins..)
Currently my opinion is discarded as soon as I start making an argument that he is wrong for something (strong-arming). There is no deployment strategy, everything is done writing directly to production files via FTP (although I am compensating on isolating the components I am developing and testing, maintaining tests and applying code practices and standards). No backups are in place, no encryption for anything and the "system" is built in a way that everyone working in here can view everyone's personal information including communication, and student works (assignments, exams, etc.).
I am suspecting that he is even leaking data (in form of student works) for personal profit, but I could not state that as all the people coming to speak with him, they speak in their own native language, which is totally different from mine native and English.
So after long description (for which I apologise and tried to keep as short as possible) my actual questions:
- How should I proceed to escalate my concerns, if they are closed friends with the CEOs?
- Should I blow the whistle to ICO ([Information Commission Officer] (http://ico.org.uk/)) that there are no policies in place for security and privacy and no maintenance being done? (which I noticed when a teacher was fired and deleted all presentations and stuff relating to the module we ware doing and my whole group was left empty handed on any materials)
- Should I notify higher levels (those running the programs and issuing the certifications) that I am suspecting that most of the student works are being purchased from members of staff and are not legitimate?
Again sorry for the long post and if anyone would like private discussion I am all for it :)
Discontinued by Microsoft in February 17, 2000; 15 years ago as per Wikipedia's ASP page on Active Server Pages
software-industry ethics
edited Apr 13 '17 at 12:48
Community♦
1
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
edited Apr 13 '17 at 12:48
Community♦
1
edited Apr 13 '17 at 12:48
Community♦
1
edited Apr 13 '17 at 12:48
Community♦
1
1
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
asked Jul 2 '15 at 11:39
DaGhostman Dimitrov
1137
1137
closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
closed as off-topic by Joe Strazzere, gnat, scaaahu, Telastyn, Masked Man♦ Jul 2 '15 at 16:28
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Questions asking for advice on what to do are not practical answerable questions (e.g. "what job should I take?", or "what skills should I learn?"). Questions should get answers explaining why and how to make a decision, not advice on what to do. For more information, click here." – gnat, scaaahu, Telastyn
Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41
Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46
If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02
You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08
suggest improvements |Â
Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41
Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46
If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02
You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08
Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41
Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41
Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46
Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46
If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02
If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02
You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08
You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08
suggest improvements |Â
2 Answers
2
active
oldest
votes
up vote
6
down vote
accepted
Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.
Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.
Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.
answered Jul 2 '15 at 12:15
jwsc
1,781515
suggest improvements |Â
up vote
4
down vote
- Is the "they" the manager? He is a close personal friends with the
CEO? If he is friends with the top dog then you don't really have any
safe level to report a problem to. - Do you mean CIO. If the CIO is not aware there are no policies in
place for security and privacy then he/she is incompetent or
complicit. - Works are being purchased from members of staff and are not
legitimate is a pretty serious matter. You need more than
suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.
Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.
If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.
The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
suggest improvements |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
6
down vote
accepted
Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.
Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.
Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.
answered Jul 2 '15 at 12:15
jwsc
1,781515
suggest improvements |Â
up vote
6
down vote
accepted
Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.
Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.
Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.
answered Jul 2 '15 at 12:15
jwsc
1,781515
suggest improvements |Â
up vote
6
down vote
accepted
up vote
6
down vote
accepted
Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.
Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.
Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.
answered Jul 2 '15 at 12:15
jwsc
1,781515
Me in your place would start to document security issues and bring it up IN WRITING to the colleague, your and his boss. Make it clear that you think that this is a very big problem and you will not take any responsibility if some student gets his data stolen and drags you to court.
Also document downtime because of the bad "on the fly" working technique and raise awareness of that within your superiors. If they still insist that everything is OK, do your job as good as you can and find another one as soon as possible.
Do not tell your boss about your suspicions about your coworker as long you don't have strong proof. Your word is weaker than his.
answered Jul 2 '15 at 12:15
jwsc
1,781515
answered Jul 2 '15 at 12:15
jwsc
1,781515
answered Jul 2 '15 at 12:15
jwsc
1,781515
answered Jul 2 '15 at 12:15
jwsc
1,781515
1,781515
suggest improvements |Â
suggest improvements |Â
up vote
4
down vote
- Is the "they" the manager? He is a close personal friends with the
CEO? If he is friends with the top dog then you don't really have any
safe level to report a problem to. - Do you mean CIO. If the CIO is not aware there are no policies in
place for security and privacy then he/she is incompetent or
complicit. - Works are being purchased from members of staff and are not
legitimate is a pretty serious matter. You need more than
suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.
Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.
If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.
The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
suggest improvements |Â
up vote
4
down vote
- Is the "they" the manager? He is a close personal friends with the
CEO? If he is friends with the top dog then you don't really have any
safe level to report a problem to. - Do you mean CIO. If the CIO is not aware there are no policies in
place for security and privacy then he/she is incompetent or
complicit. - Works are being purchased from members of staff and are not
legitimate is a pretty serious matter. You need more than
suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.
Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.
If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.
The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
suggest improvements |Â
up vote
4
down vote
up vote
4
down vote
- Is the "they" the manager? He is a close personal friends with the
CEO? If he is friends with the top dog then you don't really have any
safe level to report a problem to. - Do you mean CIO. If the CIO is not aware there are no policies in
place for security and privacy then he/she is incompetent or
complicit. - Works are being purchased from members of staff and are not
legitimate is a pretty serious matter. You need more than
suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.
Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.
If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.
The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
- Is the "they" the manager? He is a close personal friends with the
CEO? If he is friends with the top dog then you don't really have any
safe level to report a problem to. - Do you mean CIO. If the CIO is not aware there are no policies in
place for security and privacy then he/she is incompetent or
complicit. - Works are being purchased from members of staff and are not
legitimate is a pretty serious matter. You need more than
suspicions before you report that. If most of the certificate are not legitimate and the people that issue the certificates are not aware that is serious problem. They should perform some due diligence. What I am suggesting is this is maybe not your problem. I get it is a big problem but not a problem you want to get in the middle of.
Sound like the organization is bad from top to bottom. I just don't see how telling them they are bad would help. If they were competent it would not be that bad in the first place.
If works are being purchased and you get proof there is probably some whistle blower organization you could report to. But you need hard evidence. Looking for hard evidence may get you fired.
The best step may be to look for another job or just do the task they want you to do in the current job. This is the type of job that is easier if you don't care.
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
edited Jul 2 '15 at 12:40
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
answered Jul 2 '15 at 12:23
paparazzo
33.3k657106
33.3k657106
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
suggest improvements |Â
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
+1 for the last line. Some people will suit some jobs - it sounds like you care too much about your work, find somewhere that values it
– AlexFoxGill
Jul 2 '15 at 12:41
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
For the decorations I meant ICO (Information Commission Officer) ico.org.uk sorry I didn't clarify
– DaGhostman Dimitrov
Jul 2 '15 at 12:48
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
You should update the post. Outside the UK most people would not know what that it. I did a google and found nothing.
– paparazzo
Jul 2 '15 at 12:55
suggest improvements |Â
Are you saying that they are developing on a platform that was obsoleted by Microsoft 15 years ago? If I remember correctly, ALL of Microsoft's products had serious security issues back then, and it took a high priority, concerted effort over several years on the part of Microsoft to bring these issues under control.
– Vietnhi Phuvan
Jul 2 '15 at 12:41
Exactly, IIRC that was the reason they made the .NET stuff :) and that was /is developed in 2013-2015 ... :)
– DaGhostman Dimitrov
Jul 2 '15 at 12:46
If you can, run away from the Virtual Learning Platform as far and as fast as you can. The project is critically mismanaged, starting from its selection of a platform that Microsoft hasn't supported for 15 years. The project is also critically mismanaged in that the security issues are not baked into the code from the very beginning. In addition, this platform is likely riddled with security issues from 15 years ago. It's not clear to me how this platform is going to support new technologies such as WebRTC, which may very well be incompatible with it.
– Vietnhi Phuvan
Jul 3 '15 at 0:02
You are right - you are not working with incompetent colleagues, you are working with an incompetent organization. My advice: start looking for another job - that job will be insurance in case something bad happens to you. If you can't make any headway with the management regarding how they structure this project, get the hell out of the firm. Because this project has "LOSER" and "DEATH MARCH" written all over it. And as the senior programmer, they may very well tag you with ownership of this fiasco. The management of this project just violates too many critical rules of project management.
– Vietnhi Phuvan
Jul 3 '15 at 0:08