by Tan

Shit my A.G.I.L.E. S.C.R.U.M. developers say

(via Reddit)

Yesterday, I did shitty emergent work that wasn’t planned for because our tech is a dumpster fire.

Today, I plan on refactoring embarrassing code that hasn’t really done any business logic correctly for two years, but I probably won’t because one of you will ping me to do something else 30 minutes after this.

No blockers.

– /u/OnlyFullOfCodeQs

We do all our standups sitting down, because they’re far, far too long to do standing up.

– /u/nermid

bUt mUh MeTRicS

– /u/ubertrashcat

When I was SCRUM master, people legit got mad at me because I started at the exact time, gave everybody <2 minutes…So now instead of daily stand-ups, we have daily meetings. 30 minutes where 2 to 3 people can dominate 10 minutes talking about their specific problem while the rest of the team is just sitting there doing nothing. 80% of the people go within 5 minutes, but the other people either turn it in to a TED talk, or tutor session

– /u/qwerty12qwerty

now you’re like the other 87%, a garbage blend of agile and waterfall. Have fun double logging all activities to save other people time!

– /u/LoloLah

We once had a standup where none of the PMs were available, so us devs just did it ourselves. It took about 2 minutes.

– /u/productivefiring63

by Tan

npm install womp-womp

Recently, a popular npm package called event-stream was compromised to include a bitcoin stealing feature that targeted a bitcoin wallet platform. This occurred when the owner and maintainer of event-stream gave an unknown entity rights to the repository. This unknown entity then added a dependency to event-stream, another npm package called flatmap-stream, which included the actual malicious code. When asked why someone was given access to the repository, this was the response.

https://web.archive.org/web/20181201140811/https://github.com/dominictarr/event-stream/issues/116#issuecomment-440927400

https://web.archive.org/web/20181201144014/https://www.npmjs.com/package/event-stream