Between arguing with a potential client about doing intrusion testing on my network at work and failing web-apps, it’s been a tiring week.
For the former, because I don’t keep dedicated security people on staff, a potential client is insisting that I spend thousands of dollars on a third-party penetration test… For a potential contract that will net slightly less than the penetration testing will cost.
I run my own tests quarterly, but that’s not good enough for this client.
The latter is our time-tracking system, which uses a collection of PHP that was originally written in 1998 and that I essentially rewrote in 2018.
Yesterday afternoon it exploded spectacularly when I restarted it to close the SQL port that the QA Director insisted on, in preparation for a potential third-party audit. On reboot it attempted to update the SSL cert, couldn’t because the OS isn’t supported by Certbot anymore, and then Apache exploded.
The problems this web-app faces are simply due to age. It won’t work with any PHP after 5.5.9 without a total rewrite, and PHP 5.5.9 won’t install on a modern OS. So I have to run a five-year-old version of Linux in order to run a five-year-old version of PHP to run a twenty-year-old app because the powers that be like the way it does reporting.
Oh well. I sent the aforementioned powers an email last night explaining that they got lucky that I was able to resuscitate the time-tracker, and that the dire warnings I’ve been giving them for years now about finding a new system are now imperative.
Let’s see if they pay it any heed.