• HAX (cs)

    Nope.

  • ben (unregistered)

    Why didn't you just ask?

    Ok: "please please could you open port 21 so our company does not go out of business and please please could you keep it open until forever?".

    this article leaves me speedless.

  • Tego (unregistered)

    In Clayton's defense, nothing is wrong with the FTP server, and he's just doing his job. There's something missing from this story. Did Clayton previously receive an explicit request to close port 21? Are the customers not supposed to access port 21 directly? Are the customers instead supposed to use a VPN of some kind?

  • ubersoldat (cs)
    He popped open a console and fired off a quick iptables.

    Are they running a Linux firewall or here's TRWTF.

    As a side note, for about two months I've been seeing how our tech provider tries to handle access to a web page (that already has an authentication system) by using an IP white list and every time someone's router reboots, a ticket is issued to add the IP.

  • Mauro (unregistered)

    Not sure I get it - security patches on the FTP server interfering with a separate firewall?

  • Tego (unregistered) in reply to ubersoldat
    ubersoldat:
    He popped open a console and fired off a quick iptables.
    Are they running a Linux firewall or here's TRWTF.
    Oh yeaaah. Every elitist Network Guru knows that OpenBSD is the One True Firewall because OpenBSD is the securiest.
  • dkf (cs) in reply to Mauro
    Mauro:
    Not sure I get it - security patches on the FTP server interfering with a separate firewall?
    Idiot decided to close off access to a critical system To Increase Muh Security, and made the mistake of thinking that because the server and the service implementation were up, the service was as well. (If a service isn't reachable by its intended clients, it isn't up. Clients don't care about how you implement the service.)

    Sounds like normal for networking support.

  • Peter (unregistered) in reply to dkf
    dkf:
    Mauro:
    Not sure I get it - security patches on the FTP server interfering with a separate firewall?
    Idiot decided to close off access to a critical system To Increase Muh Security, and made the mistake of thinking that because the server and the service implementation were up, the service was as well. (If a service isn't reachable by its intended clients, it isn't up. Clients don't care about how you implement the service.)

    Sounds like normal for networking support.

    Sounds like Clayton is overpaid. Perhaps he should be working elsewhere.

  • MrFox (unregistered) in reply to Tego

    The problem is that he's not working to solve the problem. He just sits there ignoring the fact that he caused the problem. All he seems willing to do is follow direct commands from others, while he should be trying to add value to the company.

  • nouanda (unregistered)

    "Look, there's a Port 21 blocking the FTP" "Nope, Chuck Testa"

  • Sebastian Ramadan (unregistered) in reply to ubersoldat

    You're referring to the act of "popping open a console", noting that a firewall probably shouldn't have a GUI, perhaps the firewall is running on a different machine that's being SSHd into... but port 22 is blocked. The netadmin has blocked all but his own IP for ports 20-23... Sounds like an act of spite, rather than an act of ignorance.

  • Sebastian Ramadan (unregistered) in reply to Sebastian Ramadan

    ... and then he would've realised he can be replaced by someone who's already at the workplace, shat brix and fixed the problem...

  • Black Bart (unregistered)

    "Can you open port 21 on the eComm server's firewall to external traffic?"

    TRWTF is not running FTPSSL only (but perhaps this is from the early days of the Internet).

  • doranster (cs)

    Perhaps the guru has aspergers and didn't grasp the meaning of John's comments?

  • jarfil (unregistered)

    Sounds too passive-aggressive for there not to be something else behind it:

    • either Clayton really hates John...
    • ...or, he was told to only do as told and nothing else
    • ...or, he received contradictory orders
    • ...or, he is on "Italian strike"
    • ...or, is he trying to get fired?

    Or... I wonder if maybe Clayton may have sent John an email waiting for approval of the patch in order to open the ports to the outside, and John just ignored it. That would be funny.

  • Frosh (cs) in reply to Black Bart
    Black Bart:
    > "Can you open port 21 on the eComm server's firewall to external traffic?"

    TRWTF is not running FTPSSL only (but perhaps this is from the early days of the Internet).

    Using a self-signed certificate, no doubt.

  • Andrew (unregistered)
    "Yeah," Clayton replied. He popped open a console and fired off a quick iptables. Almost immediately, John's phone stopped buzzing.
    Bullshit. John won't hear the end of it for at least a week! Or a month, if he's lucky.
  • Alex (unregistered) in reply to jarfil

    I think it's likely a combination of A and B. Having worked with multiple Claytons in the, it's usually a case of having received contradictory orders in the past, getting blamed for a problem, and then learning to only do as told and nothing else.

  • lol (unregistered) in reply to Alex

    Having worked with multiple Claytons myself, it's usually a case of them being socially inept, egotistical fuckwits.

  • My Name (unregistered) in reply to Alex
    Alex:
    I think it's likely a combination of A and B. Having worked with multiple Claytons in the, it's usually a case of having received contradictory orders in the past, getting blamed for a problem, and then learning to only do as told and nothing else.

    But not because of a verbal request.

    If things have progressed/decayed to this stage, only a work order coming from a work order management system will do...

  • DCRoss (cs)

    Or, having worked with the wrong kind of Johns myself...

    (Shut up. You know what I mean.)

    ...perhaps the communication problem went the other way.

    "Bill can't run SpankyMonkey(tm)." John announced, entering the lair of Clayton, the company's Network Guru (self titled). "Why can't his window come up with the shiny charts? He really needs those charts. Really."

    "I have no idea what you are talking about. Is there a network problem?"

    Then silence. Clayton didn't look up from his monitor. His slicked hair shone with the glow of a thousand server-rack blinks.

    John waited, sure that there was a follow-up to that statement. His phone buzzed, then buzzed again. "Um-- I built a Visual Basic GUI to track his IP address" John prompted, "I'm pretty sure something's wrong. Bill really. Needs. Those. Charts. Did you break SpankyMonkey(tm)?"

    "Nope. I haven't touched any client applications. Could you try to find out what the cause of the problem is?"

    John's mind nearly segfaulted trying to parse the logic behind that statement.

    "But Bill really needs those charts" John echoed back, seemingly to himself. "Did you do anything to SpankyMonkey(tm)?"

    "Nope." Clayton answered, wondering when if ever John was going to get to the point.

  • Anon (unregistered) in reply to jarfil
    jarfil:
    Sounds too passive-aggressive for there not to be something else behind it:
    • either Clayton really hates John...
    • ...or, he was told to only do as told and nothing else
    • ...or, he received contradictory orders
    • ...or, he is on "Italian strike"
    • ...or, is he trying to get fired?

    Or... I wonder if maybe Clayton may have sent John an email waiting for approval of the patch in order to open the ports to the outside, and John just ignored it. That would be funny.

    ...Or Clayton is autistic and really can't comprehend why everybody is upset.

  • A Gould (unregistered) in reply to My Name
    My Name:
    Alex:
    I think it's likely a combination of A and B. Having worked with multiple Claytons in the, it's usually a case of having received contradictory orders in the past, getting blamed for a problem, and then learning to only do as told and nothing else.

    But not because of a verbal request.

    If things have progressed/decayed to this stage, only a work order coming from a work order management system will do...

    Nah, that's the final step - when people start "forgetting" that they asked for things when the fecal matter starts flying. THEN you make everyone put it in writing.

  • Dog's breakfast (unregistered)

    I've worked with people like this and 99% are straight off the boat from china. Job protection and minimal competency is the MO of these idiots.

  • General Pao (unregistered) in reply to Anon

    ... Or his real name is Chong Wang Dong

  • emmayche (unregistered)

    Oh, the flashbacks.

    To the day before yesterday.

  • dkf (cs) in reply to Frosh
    Frosh:
    Using a self-signed certificate, no doubt.
    Do you know what are the circumstances under which a self-signed certificate is the right thing to use? When you can always share the public part of the keypair to all clients ahead of time and you have all clients actually checking that the certificate presented is the certificate they know. Otherwise, don't. (And definitely never blindly accept all self-signed certs!)
  • Sam I am (unregistered)

    I hope that the writers realize one day that all the unnecessary embellishments in these WTFs actually make the articles less enjoyable to read.

  • Lorne Kates (cs) in reply to Sam I am
    Sam I am:
    I hope that the writers realize one day that all the unnecessary embellishments in these WTFs actually make the articles less enjoyable to read.

    I realize that, but I get off on ruining your day. Specifically YOUR day, poster called "Sam I am". So it evens out.

  • zande (unregistered) in reply to Lorne Kates
    Lorne Kates:
    Sam I am:
    I hope that the writers realize one day that all the unnecessary embellishments in these WTFs actually make the articles less enjoyable to read.

    I realize that, but I get off on ruining your day. Specifically YOUR day, poster called "Sam I am". So it evens out.

    I wonder if the advertisers feel the same way...

  • Rich (unregistered) in reply to Black Bart

    I get stuff from FTP all the time. We download from vendors.

    There are three classes we deal with:

    People that give us encrypted data. Sure people could steal credentials, but the data is encrypted, they can't do much with it.

    People that give us unencrypted, not specific to us data. Government T-Bill data and the like.

    People that are somewhat clueless, and give valuable data with no encryption.

    You're assuming the last, but we have a lot of the upper two.

    Captcha: persto... persto chnago!

  • chubertdev (cs)

    Analogous to faulty unit tests. After the change, no one tested hitting the FTP from an external connection. Should have been in the change control documentation to test this.

  • Nagesh (cs)

    Simple matter of using port 22 for the client. Why didn't John inform the client about this?

  • Lorne Kates (cs) in reply to zande
    zande:
    Lorne Kates:
    Sam I am:
    I hope that the writers realize one day that all the unnecessary embellishments in these WTFs actually make the articles less enjoyable to read.

    I realize that, but I get off on ruining your day. Specifically YOUR day, poster called "Sam I am". So it evens out.

    I wonder if the advertisers feel the same way...

    {checks my current offerings from AdSense}

    23 AMAZING Ways To Ruin Sam I Am's day

    You won't BELIEVE this ONE TRICK to ruin Sam I Am's day!!!!

    Learn the day-ruining secret that Sam I Am doesn't want you to know about!!!!!

    @@@ => Meet hot local singles who are horny for ruining Sam I Am's day <= @@@

  • anonymous (unregistered)

    Regular guru... some may know how to do (part of) their job, but always stupid and smug.

  • Skawt (unregistered)

    Has no one noticed that Clayton is such a poor admin that he doesn't know that ports 20-21 are assigned to FTP? He could have been pretending to be deliberately obtuse, but even the greenest admins should know the most commonly used service ports.

  • herby (cs)

    Hey, I have a problem with this light not turning on... Did you change it? ...Nope, I didn't change the light at all. Did you look at the cord?? ...Nope, I didn't change the light at all ...Continues... Please turn on the circuit breaker you turned off to service things! ...Well why didn't you ask about that in the first place!

    Some people...

  • Oscar Carserud (unregistered) in reply to DCRoss
    DCRoss:
    Or, having worked with the wrong kind of Johns myself...

    (Shut up. You know what I mean.)

    ...perhaps the communication problem went the other way.

    "Bill can't run SpankyMonkey(tm)." John announced, entering the lair of Clayton, the company's Network Guru (self titled). "Why can't his window come up with the shiny charts? He really needs those charts. Really."

    "I have no idea what you are talking about. Is there a network problem?"

    Then silence. Clayton didn't look up from his monitor. His slicked hair shone with the glow of a thousand server-rack blinks.

    John waited, sure that there was a follow-up to that statement. His phone buzzed, then buzzed again. "Um-- I built a Visual Basic GUI to track his IP address" John prompted, "I'm pretty sure something's wrong. Bill really. Needs. Those. Charts. Did you break SpankyMonkey(tm)?"

    "Nope. I haven't touched any client applications. Could you try to find out what the cause of the problem is?"

    John's mind nearly segfaulted trying to parse the logic behind that statement.

    "But Bill really needs those charts" John echoed back, seemingly to himself. "Did you do anything to SpankyMonkey(tm)?"

    "Nope." Clayton answered, wondering when if ever John was going to get to the point.

    You are so funny :3
  • Chris (unregistered) in reply to dkf

    Security is more important than usability!!! If it can't be used, it can't be misused. There's nothing more secure.

    Honestly, at some level, I think the folks in charge of IT where I work honestly believe it.

  • El Guapo (unregistered)

    This kind of behavior cannot be blamed on Asperger's or any other kind of autism that would cause social ineptitude. This guy is just plain inept. He's the kind of self-taught hack who memorizes the right answers to pass a certification but has no real clue how it actually works.

  • herby (cs) in reply to El Guapo
    El Guapo:
    This kind of behavior cannot be blamed on Asperger's or any other kind of autism that would cause social ineptitude. This guy is just plain inept. He's the kind of self-taught hack who memorizes the right answers to pass a certification but has no real clue how it actually works.
    Which is why a lot of "certifications" are not too useful.

    Needs clue stick!

  • Duis (unregistered) in reply to A Gould
    A Gould:
    Nah, that's the final step - when people start "forgetting" that they asked for things when the fecal matter starts flying. THEN you make everyone put it in writing.
    If only it were that simple. When the fit hits the shan, written reports start getting "lost" and people who kept copies in writing are accused of "forgery" and made into scapegoats.
  • Been there, seen that (unregistered)

    A few years ago, our new "Fumble Fingered Firewall F**kwit" (as named by one of the many affected server admins) decided to "improve" network security, by blocking all port 53 traffic except to/from "authorised" IP addresses. Of course, that would have been SOOO much less disruptive had his list of addresses included both of the central DNS servers for the whole university...

    CAPTCHA: Yep, he looked a real IDEO after that move.

  • Gunslinger (unregistered)

    I don't see the problem. Clayton answered every question accurately and honestly and did as requested in a timely manner. I guess it could be a WTF that a network guru actually let a commoner into his office, but that's a little bit of a stretch.

  • foxyshadis (unregistered) in reply to El Guapo
    El Guapo:
    This kind of behavior cannot be blamed on Asperger's or any other kind of autism that would cause social ineptitude. This guy is just plain inept. He's the kind of self-taught hack who memorizes the right answers to pass a certification but has no real clue how it actually works.
    Nah, sounds like classic Autism spectrum to me. The defining hallmarks are that they don't understand subtleties, take everything literally, don't follow leading statements and questions, and act like superior dicks about it.
  • The Great Lobachevsky (cs)

    Come on now, he's a "network guru". Why would you expect him to know anything past Layer 3?

  • Reductio Ad Ridiculousum (unregistered) in reply to Gunslinger
    Gunslinger:
    I don't see the problem. Clayton answered every question accurately and honestly and did as requested in a timely manner. I guess it could be a WTF that a network guru actually let a commoner into his office, but that's a little bit of a stretch.
    Exactly.

    The Engineer and the Manager

    A man is flying in a hot air balloon and realizes he is lost. He reduces height and spots a man down below. He lowers the balloon further and shouts: "Excuse me, can you help me? I promised my friend I would meet him half an hour ago, but I don't know where I am."

    The man below says: "Yes. You are in a hot air balloon, hovering approximately 30 feet above this field. You are between 40 and 42 degrees N. latitude, and between 58 and 60 degrees W. longitude."

    "You must be an engineer," says the balloonist.

    "I am," replies the man. "How did you know?"

    "Well," says the balloonist, "everything you have told me is technically correct, but I have no idea what to make of your information, and the fact is I am still lost."

    The man below says, "You must be a manager."

    "I am," replies the balloonist, "but how did you know?"

    "Well," says the man, "you don't know where you are, or where you are going. You have made a promise which you have no idea how to keep, and you expect me to solve your problem. The fact is you are in the exact same position you were in before we met, but now it is somehow my fault."

  • S (unregistered) in reply to Skawt
    Skawt:
    Has no one noticed that Clayton is such a poor admin that he doesn't know that ports 20-21 are assigned to FTP? He could have been pretending to be deliberately obtuse, but even the greenest admins should know the most commonly used service ports.

    And even if he doesn't know what the ports are used for, he should be able to draw the link between "I blocked outside access to some ports" and "outside customers can't access services".

  • Spewin Coffee (unregistered)

    Okay, there are multiple problems here:

    1. There is someone so busy at an organization putting out little fires that they don't have time to actually think. That organization needs to hire more people.

    2. There is no automation. The guy who is swamped should be finding ways to automate his job so that he has time to think clearly.

    3. There is no accountability.

    4. A security patch closed a port. That means it got closed for a reason. Then someone went and opened the port again without evaluating that reason.

  • S (unregistered) in reply to Spewin Coffee
    Spewin Coffee:
    Okay, there are multiple problems here: ... 4) A security patch closed a port. That means it got closed for a reason.

    You're making an assumption there. It could also be that the network guy closed the port because he didn't think it needed to be open - oblivious to the fact that it was used by an essential service.

    It doesn't sound like this guy's big on cause-and-effect...
