top | item 21142229

(no title)

rjplatte | 6 years ago

I'm the sole developer working on my current project, which is overhauling a massive DOS era application, as well as overhauling an early 2000s era CRM/business management tool, that almost all of our work happens through.

Did I mention that the DOS application is a HIPAA billing application that must meet all HIPAA guidelines as well as write EDI X12 billing files?

I'm very junior, been coding for ~5 years, 3 professionally, but this is my first real dumpster fire. We were about to hire a second developer, but turns out he had a record. Not for just anything, which we don't really worry about, but for embezzlement on the healthcare billing application he used to own. So, no. No can do.

So now poor 18-year-old me is knee-deep in a ton of shit I don't understand, working on non-version-controlled code, having been expressly forbidden from using ANY VC by the CEO, and trying to get details out of my older supervisor who built the code we're using, but he's near retirement and has so many vacation days saved up that he spends maybe 10 days a month in the office. I honestly can't blame him, but I either need resources to help me deal with legacy code, or a nice entry-level rails job, because I want to finish learning rails.

discuss

blotter_paper|6 years ago

>having been expressly forbidden from using ANY VC by the CEO

Well that's really fucking stupid of them. Maybe they're worried about evidence of old HIPAA breaches existing after the system gets updated, and doesn't want to explain that logic? On your local development station:

  mkdir repo
  cd repo
  git init --bare
  cd ..
  git clone repo project_folder
  cd project_folder
  cp -r ../<path_to_project>/project project

Congratulations, you now have version control for local development that your CEO never has to know about! The only reason I'd suggest an extra folder (horribly named project_folder in the example above) is so that you never accidentally copy the hidden .git files when moving it from your dev station.

MichaelMoser123|6 years ago

https://stackoverflow.com/questions/505467/can-i-store-the-g... you dont need to copy files, just tell git to store its data in another dir

marrone12|6 years ago

It likely is because of accidentally storing PII randomly in a hidden folder.

The data and application code are probably very intertwined, rather than portable code that could be plugged into any kind of stage database.

bloopernova|6 years ago

You do know that HIPAA violations can land you in jail, right? Run. Don't walk. Vacate immediately. Leave.

I'm finding myself hoping that this is a fake, because I wouldn't wish this situation on anyone at all.

xerox13ster|6 years ago

This was my first exposure to a professional development job, but for medical transcription (we had a billing dept too). I wasn't even hired to do it (I was hired as help desk staff), but the application neeeeded updating and the 2013 HIPAA omnibus had just dropped so we were on the line to get in compliance and no one else was stepping up. I had to learn as I went. decade old, undocumented code written in old .NET and (some) Java 6.

No version control, running on Win2000/XP, ancient beige box hardware (some with turbo buttons).

I was 19 and making $9 an hour. I got fired for automating my help desk tasks so I could bring us up to date.

finkin1|6 years ago

Yeah...as someone who works on HIPAA compliant software, this sounds very scary to me. We carry a $1M insurance policy at all times. Did you sign a business associate agreement?

aussieguy1234|6 years ago

This might be why the CEO doesn't want version control. It's extra evidence

chaostheory|6 years ago

Not just jail, you are also now personally liable. Meaning your personal assets are on the table for a lawsuit (at least according to Stanford’s HIPAA training)

hacknat|6 years ago

You won’t go to jail if you do nothing wrong, but legal fees. Ugh, yeah, you’ll be in court as a witness and possibly defendant if you don’t leave ASAP.

JamesBarney|6 years ago

I don't think anyone has gone to jail for HIPAA violations who wasn't intentionally misusing or stealing PHI.

LifeLiverTransp|6 years ago

[deleted]

DoreenMichele|6 years ago

I worked in insurance for over five years (at a Fortune 500 company). I had annual HIPAA training. I was in claims, so I'm not sure how pertinent this will be to your needs, but here is some stuff I remember:

1. HIPAA has a minimum necessary standard of disclosure, which means give only however much info you must give to accomplish the task in question.

2. You need at least three pieces of identifying info to positively ID an account, such as name, address and account number. (Other possibilities include: Social security number; date of birth; phone number.)

3. When disposing of papers or other media containing covered information, it must be destroyed, not merely thrown out. This means papers, floppy disks, etc must be shredded.

4. If you're printing a lot of papers with HIPAA covered info, you should have a locked trash can for any papers you are discarding. Presumably, this is merely a holding bin until it gets shredded.

5. Papers with pertinent info should be turned face down if anyone comes to your cubicle to talk, even a coworker. Ditto for papers coming off the printer containing covered info.

6. You need an annual HIPAA training program to remind everyone of a lot of the above (and likely other things I'm not covering).

7. Computers should be password protected when you walk away from your computer.

I guess the short version is: When in doubt, err on the side of making sure the information cannot be accessed by anyone who isn't using it to accomplish the purpose it is intended to serve. Also, you can't go flipping through covered info for funsies. Although you have authorized access, it's only authorized for a specific purpose.

clort|6 years ago

> 6. You need an annual HIPAA training program to remind everyone of a lot of the above

When you say 'need' do you mean 'legally required to' ? I wonder if that could work to the advantage of the poster, in that if they left because they became aware that things are not being done correctly and they have never had any such training, the legal responsibility would reflect back on the employers who had not provided such training to an obviously inexperienced employee and the CEO in particular who is the person who should have known to do that.

I am not in the USA and I think the UK has slightly better employee protections and lines of legal responsibility, at least in some areas (such as Health & Safety) but who knows..

systematical|6 years ago

I worked for a "CTO" who didn't allow us to use version control either. This was from 2007-2010. I am surprised there is a company TODAY that does this, but I guess I shouldn't be.

The reasoning behind not using VC was that it "caused more problems than it solved." His solution? Code directly on the production server. Yep. You heard me right. Let me say that one more time. Code directly on the production server. We eventually finally won a development server and wrote some bash scripts to deploy from there, but we never actually got SVN or anything. Imagine working on five person development team with no version control.

The guy was a serious joke. The VC issue is just one of many. A serious despot. The guy was hated by all. We laughed at him. Why would I stick that out for three years? I had zero experience when hired. All of us were very green. We were all just putting in our time to hit that magic three years experience checkbox we needed for the next level gig. The CTO was more concerned with appearing to have a large department and having developers working on lots of different things, than actual quality. We wrote some pretty terrible code back in those days and we did a lot of it on a production server during business hours.

We all left at or around the three-year mark. Month by month the "CTO" lost developers faster than he could replace them. The "CTO" was eventually fired and we laughed from afar.

You are being taken advantage of like I was when I first started. You are cheap labor. Your CEO doesn't care about the product. Your CEO likely doesn't care about your career development. The sooner you leave, the more you will learn and grow. That was my experience.

JohnFen|6 years ago

> Code directly on the production server. Yep. You heard me right. Let me say that one more time. Code directly on the production server.

What a coincidence! We have a customer that is having a strange, hard-to-nail-down problem with our software. We asked if we could provide a diagnostic build to them that they could run in their test environment to gather additional information about what was happening.

Their reply was that they didn't have a test environment. They just install any software they get directly to their production machines.

Complete insanity.

rpmisms|6 years ago

I'm the GP, on my work account. Yes. That is exactly what we do. It's horrifying.

jacquesm|6 years ago

If they require that you don't use version control but at the same time want it to be HIPAA compliant you need to walk right now if you have options, ASAP if you don't. You're being set up to be blamed if anything goes wrong.

Change management is part and parcel of anything in the medical software domain, and VC is an obvious part of that.

house9-2|6 years ago

> working on non-version-controlled code, having been expressly forbidden from using ANY VC by the CEO

Version Control is a basic requirement of professional software development in this day and age.

You could try explaining to your CEO it would be like telling a carpenter they can't use a hammer to build your new house.

Or just take the initiative and use Version Control without telling them. In my mind it isn't something you need to ask permission for.

elliekelly|6 years ago

The CEO has likely given this directive to avoid a paper trail. Any attempt at rationalizing with the CEO will be a waste of effort when this person could (and should) be focused on finding another place of employment.

marrone12|6 years ago

This is bad advice. If you accidentally leave personally identifiable healthcare information on some random stage server and that server gets hacked, that is a federal crime. If the data and application code are very intertwined (likely in a pre-SOA era), it can be very difficult to version control code completely isolated from PII.

brongondwana|6 years ago

Apparently (according to a carpenter friend) - if the carpenter uses a hammer on a modern build it means something has gone wrong - they're normally using nailguns or similar to put things together - hammers are to bash them back apart again or knock them into alignment if they weren't done right the first time.

eb0la|6 years ago

I always thought it is more like making a building without a scaffold: when you're on the ground floor it doesn't look bad, but the more you build....

whateveracct|6 years ago

If you're that young (18??), you can almost definitely afford to quit tomorrow and look for something better.

Never sacrifice your own career for your employer's success (within some time horizon.) Being willing to quit when your boss is a clear bad actor is a core part of this.

protomyth|6 years ago

If you're that young (18??), you can almost definitely afford to quit tomorrow and look for something better.

It very probably is the opposite. A lot of people who end up working at 18 are doing it because they need the money and their support network is poor.

brucedawson|6 years ago

Quit. Period. Maybe find a new job first. But don't stick around.

noir_lord|6 years ago

Same boat, similar level of responsibility and I’ve been programming 20 odd years.

I accepted an offer yesterday, 35% pay bump, 5 extra holiday days, twice the bonus cap and all of that pales against knowing I’ll never have to touch that fucking codebase under unrealistic constraints again in a short time.

In stead I get to run a team, in a much bigger company with proper modern development practices.

When they rang to tell me it was mine if wanted it I was literally shaking, it felt like an elephant had stepped of my chest.

Until that point it really hadn’t occurred to me how unhappy the last two years at work have been, fighting the worst undocumented codebase I’ve seen two decades was a long slog, doing it alone for people who don’t understand the issues just made it worse.

Will be putting my notice in next week.

As someone 20 years older than you, get out and get out soon.

You are damaging your future career chances by stagnating in a job that won’t teach you how to do things better for your future.

reificator|6 years ago

> working on non-version-controlled code, having been expressly forbidden from using ANY VC by the CEO

I've been there. Run.

lacampbell|6 years ago

I'm bewildered as to why a CEO would have any opinion on version control at all. Or why you'd ask a CEO whether you could use one. It's like a builder asking a construction company CEO if he can hold a hammer lower in his hand and that CEO forbidding it. Can someone explain?

rjplatte|6 years ago

I'm studying hard, but learning new stuff while learning other new stuff is hard.

rubyfan|6 years ago

Also run for all the other stuff you said before that.

unknown|6 years ago

[deleted]

burnte|6 years ago

> having been expressly forbidden from using ANY VC by the CEO

You can run a local git repo, no code would ever leave your PC. I'd do taht, and damn the torpedoes. If he is dumb enough to say no versioning, he'll never know you run it locally.

EdgarVerona|6 years ago

I was sort of in a similar situation when I was your age - in over my head at a complex project where the owner had never heard of version control (though in my case, I was too green to realize that it even existed). They had 30 copies of the same software, one in a folder on a shared hard drive for each customer. If there was a bug and it wasn't specific to a customer, you had to go fix it in 30 different places.

I promise you, if they don't want to provide version control they aren't going to provide you with other benefits and necessities that you deserve.

Related questions to benefits and necessities:

* Are you getting healthcare? * How is your pay compared to other Jr. software engineers in your area? * Are they paying you hourly? If so, are they actually paying you for hours worked, or are they finding ways to reduce that number of hours? * What if you demanded that they used version control, and brought your best arguments: what would they say?

Consider the answers to those questions, and if you don't like the answers, I strongly urge you to leave. There's a complacency that can come with "settling" for a place that is a "known constant." Don't settle here, when you deserve more.

Put what you've done on a resume, and give it to a headhunter. They will find you a better job - maybe not an ideal job, but a step up. And your career will truly begin.

Chirael|6 years ago

You may find this article helpful in some way: “How to Improve a Legacy Codebase” [0]

[0] https://jacquesmattheij.com/improving-a-legacy-codebase

Porthos9K|6 years ago

Ghost this job immediately. It's a clusterfuck waiting to happen, and your bosses are going to leave you holding the bag when everything turns to shit.

You're a programmer, not a fall guy. You aren't getting paid enough for this.

hluska|6 years ago

Three things:

1. I’m impressed that you’ve made it this far.

2. This situation has ‘get the fuck out’ written all over it. It’s time to dust off your resume and get out of there.

3. I don’t think you’ll have any trouble. You seem like a good writer and I bet you’d be a good developer to work with.

Best of luck bud. I wish I had a concrete way to help you.

PaulRobinson|6 years ago

Everything about this screams that you're being set up to fail, and given the circumstances "failure" might mean jail time.

There are plenty of jobs out there. Go get one, _today_, please!

iamsb|6 years ago

You are 18 and been working professionally for 3 years. Well done. All said and done this is what matters. Real life experience over university education.

BalinKing|6 years ago

One thing for GP to consider: I did the exact same thing (worked for three years in software development), but now I’m back at school in college. This obviously depends on if you think school is worth it (I did), but I wouldn’t be surprised if my work experience before college helped me stand out in the application process. Either way, good luck!

thijsvandien|6 years ago

What are the arguments against version control here (if any)?

Honestly the project sounds quite interesting, but I can imagine the circumstances make it painful.

reificator|6 years ago

> What's are the arguments against version control here (if any)?

* I don't understand it

* You're overcomplicating things

* We're not using any of that free shit here

* It doesn't say Microsoft or IBM

* The last guy we hired that tried to use it was smarter than I was so anyone else who tries is a threat to my leadership. (because everyone knows you can only manage people who have a strict subset of your own knowledge. If one of your peons dared learn something before you, that would be the end of your reign.)

the list goes on...

rjplatte|6 years ago

He thinks it's all cloud based. It's sad, yes.

I honestly enjoy the work when I know what's going on. We have a lot of unique problems to solve, and I have gotten positive changes made, as well as some really good weeks where I pounded out some good code, but other times it's slow, sad, and frustrating.

mcv|6 years ago

> "What are the arguments against version control here (if any)?"

No good ones of course, but there is one that I think is superficially very compelling:

It keeps a permanent record of everything that has ever been part of the codebase. If HIPAA required medical and patient data to not be stored anywhere except under highly controlled circumstances, the CEO might be afraid that data might end up in version control.

And that's not an entirely unreasonable fear; developers writing a quick PoC could include data in the project because it's quicker than setting up the infrastructure required. And of course they'll later fix it, but the version control system will still keep a record of it.

Of course there are tons of bad practices about this, but here's the thing: bad practices do happen, even if it's just as a temporary measure, and version control will create a permanent record for that.

Of course the right way to do this is to ensure that the developers only have access to anonymised test data and not to real sensitive production data; and to ensure that production data is always and only stored under the proper, secure circumstances required.

It's still a red flag, but the reasons might be more subtle and complex than simply "I don't understand it".

archi42|6 years ago

No offense, but starting to code professionally with only 15 years sounds... a bit strange? I mean, I started coding with 10 (~20 years ago), and the easily available tooling was much worse back then than it was 5 years ago, but if I was your CEO I wouldn't put anyone with that little expertise and (I suppose?) no formal training on such a project alone (it's something else if you're working with a senior dev from whom you can learn). And when I was your age, I wouldn't have done anything that might put me in jail if done wrong.

Also, please pass this message from me to your CEO: He's an idiot for not letting you use version control.

Leave asap.

protomyth|6 years ago

working on non-version-controlled code, having been expressly forbidden from using ANY VC by the CEO

Did the CEO give a reason? I'm a bit curious based on it being billing and HIPPA. Also, are you rolling your own EDI import/export?

rjplatte|6 years ago

CEO doesn't like "the cloud", and VC is obviously that to him. I do use it locally, but that's about all.

Yes, I just wrote an EDI exporter in Ruby for Medicaid services, working on one for MCOs now. Thankfully we don't have to import EDI, or I'd go nuts.

etxm|6 years ago

HIPAA

knightofmars|6 years ago

>I'm very junior, been coding for ~5 years, 3 professionally

I agree with everyone else commenting here. This is a disaster waiting to happen. You are also limiting yourself by not working with people who will mentor you and show you the correct way to do things.

You're experienced. You can find a new job. DO SO IMMEDIATELY. FIND A NEW JOB, NOW.

lunaru|6 years ago

I didn’t see any contact info on your profile but if you’re looking for a Rails gig, let’s chat. Ping me at my profile email.

shantly|6 years ago

Seriously, the GP comment makes me wish I had a job to offer, not just due to sympathy but because any 18-year-old who is even sort of managing to tackle that problem and also knows that lack of VC is a serious red flag is probably worth an interview.

james_s_tayler|6 years ago

Wow. Just wow. Run. There is no way this will end well.

No version control = no way.

You're junior in years, but 3 years working professionally makes you perhaps less junior than you think. It's right around the point it becomes easier to get other jobs.

throwaway010718|6 years ago

Before quitting, try your best to make changes that will reduce stress and improve the project's manageablity with or without permission. Your work sounds so mission critical you could probably do whatever you want with no chance of getting fired.

Just be able to justify your action and communicate your decisions clearly. You'll start earning respect and that alone will reduce your stress levels. Standing up for yourself is hard to do at any age and "learned helplessness" is a concern if you don't push yourself.

mihaaly|6 years ago

Giving a demanding task to a junior is usually how they improve and learn, but what you describe here is just a big pile of management incompetency. Escape.

Random_Person|6 years ago

This all sounds so similar to my situation that it's scary... but I'm 40. Getting out is proving difficult because of age discrimination.

ufmace|6 years ago

This smells like you are being set up to take the fall for something. Possibly something with really serious personal legal consequences. This is way, way worse than being underpaid or working for abusive jerks. No way it's worth it, I'd say quit now, even if your immediate alternative is working at Wal-Mart or something.

avgDev|6 years ago

I know the feels but I'm a bit older. I am currently rewriting an old web forms app. Source code is outdated and not what is in production. Some methods are 1500+ lines of code. This project is dumpster fire but at least I can vent to everyone and they agree. Plus, I don't have to deal with HIPPA good luck brother!

shrikant|6 years ago

> expressly forbidden from using ANY VC by the CEO [...]

I read this and thought this could be because the CEO only thinks of version control as "GitHub", and is worried about putting sensitive information in the "cloud".

Have you considered discussing this with your immediate superior? Not using any VC is a disaster waiting to happen...

mihaaly|6 years ago

Probably they should stop using internet too, just in case, bad people lurk around there, they say.

crististm|6 years ago

My suggestion if you need one is to make a lateral movement and offload your problem to your CEO. Go hunt for another job.

TeeWEE|6 years ago

Seriously, leave now! While you can.

syntheno|6 years ago

Yo, git can be used locally. I highly recommend it.

ru999gol|6 years ago

this whole story probably just boils down to people not understanding the difference between github and git.