Saturday, November 24, 2018

Breaches of Trust, Protocol, and Security

(note: this is a continuation of a story that starts here)

Mike pressed his left thumb hard against his temple.

No effect.

He stared into the pale brownish liquid in his oversized coffee cup.

His wife had bought him that cup.

It was comically oversized. Near the top, it had the words "new dad" printed. There was a line that circumscribed the vessel and terminated on both sides of those words. Near the bottom was a similar structure with the words "world's greatest boss". The cup was transparent so everyone could see whether Mike had enough coffee to switch out of dad mode and into work mode.

Mike kept the cup full at all times.

He took a deep breath, momentarily inflating then sagging in his chair a little. His eyes remained fixed on his coffee cup throughout the process.

When he looked up, Fred and Samantha were exchanging a peculiar glance. Kramer sat motionless, staring at nothing with his usual blank expression.

"Mike," said Samantha. "We're safe, now. We can do this, later."

"No," said Mike. "What did they get?"

"Everything," said Samantha. "They got everything we had in PriceMax."

Mike shook his head and asked, "How?"

"Someone added a new parameter to the user-administration service. It was called bypass_security. Want to guess what it does?" Samantha spat that last sentence.

Kramer seemed to wake up and spoke. "That wasn't supposed to be compiled in production."

Mike was turning his head to face Kramer's, so he barely saw Samantha's reaction out of the corner of his eye. The loud crack of her palm slapped against the conference table jolted Mike partly awake.

"Damnit, Kramer!" she shouted. "We told you we were changing the pipeline so that there would be no more conditional compilation. We told you. We told you. We told you so many times and different ways."

Kramer pulled his thin, wire-rimmed glasses off his nose and began polishing them with his shirt. Placidly, he said, "First, my name is Jim. Don't call me Kramer. Nobody else goes by their last name, here. Why should I? Second, I didn't know. I don't feel like you communicated it to me well enough."

Mike tilted his head once and interjected: "That's fair. Let's not get into the blame game, Sam & Fred."

Samantha's face was almost scarlet. Her hand was pressed flat against the conference table, still resting in the spot where she had slammed it. She looked like a cartoon figure about to blow steam out of her ears.

Mike knew that she didn't like to be called "Sam". She knew it would be doubly offensive juxtaposed with Kramer's lecture about using people's preferred moniker. He also knew that she wouldn't be able to say anything about it for the same reason.

Inwardly, Mike smiled at his little victory.

Outwardly, he asked, "How long did it take them?"

"Three weeks. A week to find it and two weeks to get all the data," answered Fred. "They slow-played us and it worked. If they tried to get it all at once, we would have noticed the spike in traffic to one client."

"How did we not catch it once it started? Don't we monitor that service heavily? Isn't there a kill-switch?"

Sam was still cooling down, so Fred took over entirely. "bypass_security didn't just disable security checking. It disabled all security on the user administration service... logging, auditing, alerts... all of it."

Mike sighed, again. It was a weak thing. The faint expulsion of gas from a haggard, nearly-broken man.

He turned his gaze on Kramer. When there was no answer, he said, "Jim? Why did you add that flag?"

Kramer placed his glasses back on his head and sniffed.

"Well," he started. "It wasn't supposed to compile in production."

"We've established that. You know there's no compilation difference between production and test anymore, now, right?"

Kramer narrowed his eyes and his pupils twitched left and right a few times. His nostrils flared and he said, "What if I create a special flag? Just for me?"

"No," Fred broke in. "We compile a single set of binaries and use them all the way through the pipeline. We do it this way specifically because you've screwed us over with conditional-compiled stuff in the past."

Mike raised a hand to silence his underling. Inwardly, he thought "these guys are going to kill me." The gesture worked and Fred didn't spin off into a tirade. Samantha, however, looked angrier than before. The muscles in her arms were all locked in tension. Her jaw was clenched tightly.

Samantha appeared to be frozen in the middle of vaulting over the table to throttle Kramer. Mike wasn't sure but she looked like she'd moved a few inches in that direction since the last time he'd glanced her way.

"Then how am I supposed to fix the tests?" asked Kramer.

"Is that what this is about?" said Mike. "Some damned tests?"

"Yeah. It seems like everything I do is about their tests."

"I see..." Mike punctuated with another sigh. "Why disable the logging?"

Remaining otherwise motionless, Kramer blinked a few times. "It's always the same. Their tests break but I'm the one who has to fix them. They yell at me when I fix the broken test. I'm supposedly somehow supposed to fix their broken test by 'fixing'," he used his fingers to make air quotes, "my working code.

"Not only do the tests break all the time but they also take a long time to run. It was three forty-five and I was getting ready to head home. I didn't know what kind of security stuff was going to break when I fixed the security to be off for the tests so I disabled it all.

"Then I made one tiny change to the tests to use the flag." Fred shrugged. "They said it was okay to make small changes to tests that decouple them from something they shouldn't be testing."

Samantha's breathing had grown more audible; deep draws of air through the nostrils and loud winds passing through her teeth to exhale. Mike couldn't be sure but it seemed like foam was curdling in the corners of her lips.

He rubbed his eyes and saw that it was just his tired imagination.

"What do we do, now?"

That question seemed to break Samantha's kill-trance. She blinked, causing tears to form in the corners of her eyes. "We have to report it," she said.

"What do I say? Did they get anything that could identify anyone?"

Samantha shook her head and said "No. No, PriceMax tracks purchasing trends and has guesses about what the best price to charge a user is but we don't track anything that can be used for identity theft... not directly."

A look of confusion and wonder crept upward across Samantha's face. Her brow furrowed. Her eyes narrowed and her gaze drifted back toward Kramer. "At least, we're not supposed to. Fred and I will have to check."

The uncertainty in Samantha's carriage put a knot in the pit of Mike's stomach. Fury and arrogance were her staples. Trepidation was not something she typically expressed, especially uncertainty touched with a little fear.

Fred was obviously as bothered by it as Mike. He was suddenly wearing his poker face.

"I can help," said Kramer. "Let's split up the work. We'll get it done faster."

"No," said Mike. "I don't want to miss anything. All three of you need to check everything. Independently. Let's all review what everyone found, later."

For an instant, Kramer looked as if he was going to protest. It passed so quickly, Mike couldn't tell if it was another figment of his imagination. He decided to ignore it.

Samantha's bewondered stare turned on Mike, exposing him to another thing he'd never seen her express: respect with a dash of gratitude.

"I'll make an initial statement," said Mike. "I'll say there was a breach. Customer data were taken by outsiders but that, to our knowledge at this time, there were no identifying data to be taken. We're doing a full review to make sure. It happened on my watch. So I'll take responsibility. How long is this going to take?"

A depiction of the final scene.

(continued here)