€18 million worth of government porn

Backstory: http://www.mon.bg/?go=news&p=detail&newsId=2082 (Bulgarian, official government issue)

Summary:

The government issued an order for a new educational project worth 70,000,000 EUR (or, as the real sum is, 87 million EUR). All good so far. Except the issue claims that it will give 29 mil. EUR every year for 3 years to the public schools in our country.
According to them, the rewards for the staff are worth about 23 mil. EUR (teachers get about 20 mil. EUR).

So here it is: our corrupt country goes full nuts on private paydays.

!!! FIRST OF ALL I AM NOT SAYING THE PROJECT IDEA IS BAD, NOR THE FACT THAT THEY DECIDED TO THROW SO MUCH MONEY IN IT. IT IS WORTH IT, IT'S THE MILLIONS THEY SCAM FROM THE SCHOOLS THAT BOTHER ME !!!

The fishing title

The issue's title says

Starting new project for schools worth 70 million EUR

That is not true, since later they say that they are going to spend 29 million per year for the next three years (29 * 3 = 87 million EUR). But since only 70 mil. EUR of that money is going to the schools, we will mark the title as a 70 mil. EUR project - just to not piss off the public.

How much is gone? Where did it go?

This is where the scam begins. According to their statement, the rest of the cash that won't go to the public schools, or by my rough calculations about 17 million EUR, will support project operations, creating a management system and such.
I don't have data on how many people will be paid for their services in the administration, but for 3 years, counting 2 outside organisations, the ministry of education and the technical staff (probably outsourced to a company), it cannot be more than 200-300,000 EUR, considering the median salary in the sector is around 500 EUR OR LESS.
So where are the other 16.7 million EUR?
Technical requirements? Building the 'system' (quotes are for irony)? I will talk about the system below.

Procedures & Efficiency

There are SO MANY bullshit procedures (I had the pleasure to meet the project from up close). Examples:

  • Half the data you are supposed to submit to their online 'platform' has to be submitted on paper... wtf for?
  • There is no single point of control; it is shared between organisations. Efficiency is a quarter of what it is supposed to be.
  • Every time a change is made it has to be submitted to several instances, including the school principal, the organisations responsible for the project management and such (both online and paper variations).
  • Much more...

I will update the article about that, but right now this is not about their shitty production model.

The system.

Holy moly. I couldn't wait to tell you about that. This is where the 16 million are supposed to be.
According to Wappalyzer, this is the setup it detects.
For those who are less front-end / web inclined, I will break this down for you.

  • Apache 2.2.22 - Outdated version. Both the 2.3 and 2.4 branches are far ahead of this one. The only explanation for using Apache, however, would be if it's shared web hosting or a managed VPS system... otherwise I don't see a reason for choosing Apache over nginx.
  • Debian - Since it detected this, I checked the site headers; this is probably a ready-to-use LAMP package downloaded by a half-brain overpaid nerd, since Apache doesn't even try to hide either its version or the operating system. Imagine the security level.
  • Moment.js - I try not to use it on front-end projects since it's a heavy one and not the best choice. Nevertheless they used it in 2 places. LITERALLY 2 CALLS TO THE FORMAT() FUNCTION. And they pushed the entire moment.js library to production.
  • PHP 5.4.45 - This is a discontinued version of PHP (not even END OF LIFE). Security issues, poor performance and much more. This says even more about the specialists using shared hosting or a managed VPS with pre-installed software.
  • Twitter Bootstrap - This is not their choice tbh. I took a look around the system and they just took a ready-to-use Bootstrap template (probably one of the $19 ones from themeforest), so the front-end framework comes with it. Bootstrap is even version v3.0.3 (the current one at the time of checking is 3.3.7 ... with v4 alphas growing every day). But hey, with 20 mil (as they round those numbers) this is all they can get.
  • jQuery 1.12.3 - Oh boy! You have React, Angular, Vue, Inferno and more brilliant frameworks and you are stuck with jQuery because you've used a ready-to-use 19 bux template. Won't even talk about how outdated this shit is - current version is 3.1.11.
  • Modernizr - As every other government project - we must support internet explorer down to version 6.0! Can't blame them..
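
A defender-side check for the banner disclosure described in the Apache, Debian and PHP items above, as an added example that is not part of the original post: it parses the `Server` and `X-Powered-By` headers and reports every version or platform detail they leak. The response is constructed from the versions named above, and the function names are hypothetical.

```javascript
// Added example: audit response headers for software/version disclosure.
// SAMPLE_RESPONSE is constructed from the versions named in the post; it is not a capture.
const SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Server: Apache/2.2.22 (Debian)',
  'X-Powered-By: PHP/5.4.45',
  'Content-Type: text/html; charset=UTF-8',
  '', ''
].join('\r\n');

// Split a raw header block into a lower-cased name -> value map.
function parseHeaders(raw) {
  const headers = {};
  const lines = raw.split('\r\n\r\n')[0].split('\r\n').slice(1); // drop the status line
  for (const line of lines) {
    const idx = line.indexOf(':');
    if (idx > 0) headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return headers;
}

// Tokenise a Server-style value: product[/version] tokens plus (comments).
function parseProducts(value) {
  const out = [];
  const re = /\(([^)]*)\)|([^\s\/()]+)(?:\/([^\s()]+))?/g;
  let m;
  while ((m = re.exec(value)) !== null) {
    if (m[1] !== undefined) out.push({ comment: m[1] });
    else out.push({ product: m[2], version: m[3] || null });
  }
  return out;
}

// Report every header token that leaks a version number or a platform comment.
function auditDisclosure(raw) {
  const headers = parseHeaders(raw);
  const findings = [];
  for (const name of ['server', 'x-powered-by']) {
    if (!headers[name]) continue;
    for (const t of parseProducts(headers[name])) {
      if (t.version) findings.push(`${name}: ${t.product} version ${t.version} disclosed`);
      if (t.comment) findings.push(`${name}: platform detail "${t.comment}" disclosed`);
    }
  }
  return findings;
}

console.log(auditDisclosure(SAMPLE_RESPONSE).join('\n'));
```

On Apache the banner is controlled by `ServerTokens` and `ServerSignature`, and PHP's `X-Powered-By` header by `expose_php` in php.ini; trimming them removes the fingerprint but does nothing for the outdated software behind it.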

This was just the tech specs breakdown. Oh how deep I intend to go. Since I have teacher's access I looked around the system - it's amazing. Irony again. Can't help it.

A month ago I had to input a hundred rows of data from an Excel table since they want the same data from the paper on their site. BECAUSE WHY NOT? Guess what - you can't have bulk insert for 20 million EUR.

So I wrote a Node.js script to loop through my table, exported to CSV, and make my POST requests. Basically, what they had to do to save me 2 hours of typing the same shit over and over, in 20 lines of code.
If they had taken 30 mil. EUR, there would probably be bulk insert as well.

Fun fact: when I was doing this I forgot to stop the loop on the last promise and it went on and on - kinda DDoS'ed the site. I took a look at my traffic since the site stopped loading. I don't know if it was the database or the web server, but this shit went down with 1.1 mbps and 40 pps.

I will add more here.

In summary, if I had to hire whoever built this shit as a freelancer, I would probably make him pay me to work for me.

Tsvetan "Cv3" Topalov

I am a full-stack developer by mind and a SaaS ninja by heart. If you want to share some thoughts: @tsvetowntopalov (NSFW: I express my thoughts and heart here; you might feel offended at some point.)
