Tales from the Machine Room
Like that guy said, for every problem there is a solution that is easy to understand, simple to realize, cheap and doesn't work. The problem, most of the time, is that the real "solution" is complicated to understand, difficult to build, probably costs time and money and nobody likes it.
This is obviously the normal state of affairs and nobody should be surprised, but for some weird reason, everybody keeps looking for that mythical "easy and cheap" solution even after they rammed their head multiple times on the fact that it doesn't work.
We are talking with $shitandstuff, a company that specializes in selling stuff that nobody wants. As everybody should have noticed by now, the Internet is built to perfection for 3 things: 1. Porn distribution, 2. Let people act as total douchebags with impunity and 3. Sell shit to everyone that wants to pay for it.
I've no idea what was the original idea behind the creation of the "great net", probably whoever thought of it had high hopes and expectations for a shiny future and profound speeches with the word "knowledge" in them, but we can see things from a more down-to-earth perspective. So down-to-earth in fact that we need to climb on a stool just to see over the ledge of the hole.
Anyhow, $shitandstuff jumped on the point 3 above like pros, building an ad-hoc web application with mandatory mobile "app" to sell and flog whatever stuff they can to whoever can pay for it. And it looks like it's working because they can pay for the hosting, good for them. When they asked if I had looked at their web site my answer was "are you fucking stupid?".
However, not everything is nice and shiny for them. Specifically, some time ago, one of their SL decided that they need to have "a better perception of the operational boundaries in the logistics and activities of their customers", I've no fucking clue what all that means, but what happened was that they asked a company that specialized in "business analysis" (company that will be referred to in the future as $bottomfeeder for no particular reason), to perform some statistics and analysis on their sales data.
Obviously, to perform those analyses $bottomfeeder needs to have access to the sales data, otherwise it doesn't work very well.
Therefore, SL requested and obtained from their developers to build some sort of "export" procedure that could take the sales data from their database and export them to $bottomfeeder's system. This procedure is, in fact, a mess of scripts that makes an even messier bunch of files that are zipped and FTPed on $bottomfeeder's server. The data are then processed... Somehow... I don't know what they do but it takes hours. And the final result is that ONE mail is sent to SL and other people and then used in several meetings and discussions for the rest of the day.
Everything ok, say you. Fuck off, say me.
Because, apparently, $bottomfeeder knows everything of "business" and "analysis" (whatever they are) but has absolutely no clue about what it is, how it works and how to use a computer. At least, this is my impression because 2 minutes after they finished that 'FTP server' the same was hacked into and it took them 3 days to get back into it. And 2 days later they were surprised to discover that the same server now was hosting several phishing and porn sites. Normal porn, luckily for them, otherwise they would still be discussing with lawyers and judges.
"Burned" by their encounter with the Internet's "fauna", $bottomfeeder asked for help... TO US! No, I've no idea how they manage to work and stay afloat. And I'm avoiding the cheap shot that some "stuff" naturally floats...
SL in the meantime, decided that the single daily mail wasn't enough and what he wanted to do was a lot more "sophisticated". To do so, he requested a read-only account in $bottomfeeder's database. They retorted that the database wasn't dedicated and if that was required the best solution was to install a dedicated machine hosted with the rest of $shitandstuff stuff.
So this new "server" should have been hosted by us but actually be managed directly by $bottomfeeder and this was against our policy and "modus operandi". MarketingMan, smelling blood and a "little opportunity", dived into the pool and proposed a hosting in Azure (the db was SQL Server) joined to the domain of $shitandstuff by a VPN and another one with $bottomfeeder. This way $bottomfeeder was in control but $shitandstuff had full access to the system.
My reaction to this design was "Urk!" said with a very squeaky voice.
The whole thing was installed by $bottomfeeder's least CL and we managed the VPNs. And 10 minutes later $shitandstuff phoned that their Domain Controller was comatose because $bottomfeeder had left RDP accessible from pigs & dogs. After a quick explanation about the marvel of Firewalling and how to actually use a computer, things went slightly better.
I say "slightly" because, in the tradition of "agile design" and "sprint development", $shitandstuff's application changes faster than a squirrel on fire. This means that that crappy "export procedure" fails 3 times out of 5. And for some idiotic reason, the idiots have no better idea than to phone US to ask why the export failed. And the simple fact that we have no idea how the export works, how it should work, and we are not in control of their application or the database doesn't seem to be understood by $shitandstuff and they still expect us to be able to make the thing work.
In this brilliant situation... We add the "X" factor. "X" stands for eXcel obviously.
SL is an Excel aficionado. He eats bread and spreadsheet. And what really gets him going in the morning is to open up Excel and download from $bottomfeeder's database a nice 9 million rows query. Or better, this would get him going if it wasn't that Excel crashes every time he tries to do so.
And obviously, he complains to us.
And today... The last of the problems arrives.
SL - ...so when I am at home working, I can't connect to $bottomfeeder's database.
Me - No doubt, since the routing doesn't work for that stuff.
SL - How do we fix it?
Me - There is a shared RDP server available in your environment, you rdp to that and then you can do whatever you want.
SL - Yeah, no, that thing is too slow and every time somebody needs to use it I get disconnected. No, we need something better.
Me - For that you have to install the client access licenses.
SL - When I am in the office I can connect to the database, why can't I do the same from home?
Me - Because the home-work-vpn isn't designed for that, and because it is against your security policy.
SL - So how do we fix it?
Me - Go talk to whoever is your Security Officer and your CTO, if you have one, and they will have to decide what to do.
SL - Why can't we make another vpn?
Me - ...which part of "it is against policy" wasn't clear?
After several repetitions of the above discussion, we get into a meeting. On this side of the ringtable, Me, MarketingMan and DB, on the other side, SL, his UL and someone that pretends to be the CTO.
SL starts with a very long explanation-lamentation that underlines the extreme importance of the marketing data and yada yada and how all this is a stop to his desire to put functional data in the hands of everybody, especially the ones that are supposed to do something with those. And then we go with the usual questions.
SL - Why can't we use the home-work vpn to access the database?
Me - Because it is against your policy, policy that you have subscribed to.
UL - Hummm... maybe we should amend the policy for this...
Me - Or just use the existing and available RDP server...
SL - That can only be used by 2 people at a time.
Me - ...and maybe upgrade it if necessary, it's only a matter of paying the corresponding client-access licenses.
Obviously, the moment I mention "paying licenses", everybody freezes.
CTO - But if we modify the policy and use the vpn? Wouldn't that be a better solution?
Me - No.
...everybody keeps quiet...
UL - And why not?
Me - (sighs) I must point out that this means a greater integration between the server that is still controlled and operated by $bottomfeeder and YOUR system, and judging by the previous performances, it seems obvious to me that $bottomfeeder doesn't have a clue how to operate a server in security. There is a reason that the policies have been defined that way. And that reason is that the security of that system is in doubt, to say the least. Moreover, the whole point of this discussion is to gain access to data that are contained in a database to make queries with an instrument that is not suited for the purpose, I'm talking about Excel of course, and every time those spreadsheets are distributed around, like you want to do, EVERYBODY should gain access to those data, bringing the total security of the system to below zero.
CTO - ...so?
Me - So... If you want to do what you want to do, the best option is to bring that server under YOUR control and not under the control of $bottomfeeder, this means to install it in your office and give $bottomfeeder a limited access to that machine only.
UL - And what should this entail?
Me - Well, first of all, you need to have a machine, that means buy one of course, then you need to install the software, that means pay the license and then you need to consider who needs to access it, and that means buy the corresponding client-access licenses...
And again, every time I mention "pay", everybody freezes.
SL - But there isn't an easier way? Like... If we use the office's VPN...
Me - Or you could reconsider the whole system.
UL - What do you mean?
Me - I think that everybody is ignoring what is the starting point of the whole thing here.
CTO, UL and SL look confused at each other.
SL - And what is the meaning of this?
Me - ...Ok, let's see if I can make myself clear...
I get up and approach the whiteboard in the room, grab a red marker the size of Schwarzenegger's left leg and then write 'YOUR DATA', gigantic on the side of the whiteboard, then grab a normal black pen.
Me - Ok, now this (pointing to the writing) are YOUR DATA, contained in YOUR DATABASE, in YOUR APPLICATION, on YOUR SYSTEM, in YOUR HOSTING. What you are trying to do since... About a year, is take part of YOUR DATA and send them to $bottomfeeder (I write a thin line pointing to a small square and write '$bottomfeeder' on the side). They do something with YOUR DATA and then they put them into their database. Now what you want to do is to read YOUR DATA in that database and do something else with them. (To emphasize I draw a black arrow pointing to the small square). But what is important here is that those are, still, YOUR DATA, that came from YOUR DATABASE, only $bottomfeeder did some manipulation to them.
All this while I keep tapping on the huge 'YOUR DATA' on the board.
SL, UL and CTO still look confused.
CTO - Hemmm... and the point would be?
After silently cursing against all the jackasses that can't understand anything even when they have the answer in front of them, I proceed to explain.
Me - These are YOUR FUCKING DATA! I don't know what $bottomfeeder did, but if they don't add any shit to the pile, and if they did we can add an infinite amount of shit at any moment, the data they have in their database are still the same that were, and still are, in YOUR DATABASE!
SL - (still struggling to understand) ... so?
Me - SO! What you should do, what you should have done a year ago, is to go to YOUR DEVELOPERS, the guys that are writing and maintaining YOUR application and YOUR database and explain to them what THE FUCK you want to get from the data and let THEM figure out a way to get that from the data that you ALREADY HAVE.
SL - No, that takes too much time and we have other priorities...
Me - If this shit is so important that we are talking about altering the policy to get it, and we get called every fucking day because the export failed or the import failed or something else failed, it means it is already high priority. If it is so important, then it shouldn't be a problem to allocate the budget to pay for the resources that are required to SOLVE IT in a constructive way instead of running around it with Excel sheets and vpn discussions. If it is NOT that important and nobody can be bothered to devote the required resources of time and money, then why are we wasting our time here?
SL, UL and CTO keep thinking for a bit...
UL - So, if we modify the vpn...
They. Never. Understand. A. Fucking. Thing!
As the saying goes, there is never time to do it well, there is always time to do it over.
By Il solito anonimo codardo - posted 07/05/2018 10:40
You tried to wash the donkey's head, eh? You know how the saying goes: you waste water and shampoo - and if the donkey's gonads are spinning at high revs it'll give you a kick too (these ones, if nothing else, didn't do that).
Il solito anonimo codardo
By Tsumi - posted 07/05/2018 11:21
Oh come on, just open that vpn for them...
Maybe this time they'll upload porn "of the wrong kind" and the matter gets settled for good...
By emi_ska - posted 08/05/2018 13:35
Oh god... The ones obsessed with Excel are the worst... I've seen people scroll through hundreds of thousands of rows from pivot tables only to then copy them.... into Excel!!!
By Anonymous coward - posted 08/05/2018 14:24
I admire your perseverance towards the $malegonads, bigD... I gave up on it long ago and switched to "You want this thing? You put it in writing for me, I reply in writing with the risks it carries, and you give me the ok".
It may be washing my hands of it, but my liver is worth more than the rotten brain of certain people...
By Messer Franz - posted 08/05/2018 19:30
I admire you. I understand little or nothing about servers and security, usually I write code and I get the specs for "how to make it all secure" from whoever is in charge at the time, so that when (and not if) there is trouble it will be THEIR trouble, but the point is that I struggle to vaguely understand English after 20 years working in IT (I've always been rubbish at foreign languages) and you instead speak Dutch/English/whatever is spoken in your office like Italian... even if I imagine (hope) that the summary of what you say is a caricature, I would have been at the level of "them your data, me Tarzan, your programmers Cheeta, Jane ran off as soon as she could!"