Comments & Opinions

Home Page | Comments | Articles | Faq | Documents | Search | Archive | Tales from the Machine Room | Contribute | Set language to:en it | Login/Register

"Best" effort or "FuckIt" effort?

No, it has nothing to do with that very old tale.

Let's begin from the beginning, we (me) are "responsible" for the day-to-day operation of a special system, for which we have an infrastructure with several virtual Solaris servers (yeah, horrible, I know), that runs behind a very old and unsupported load balancer also behind an even older and even more unsupported Checkpoint firewall.

For some unfathomable reason, the firewall ain't our firewall and is not even under our control, it belongs to, and is managed by, the very same company for which we run the whole system.

A few years ago there were discussions about replacing the firewall and load balancer with newer (and supported) models, but then the company was acquired by an American corporation that immediately after went into "administration", and that blocked every possible update to the infrastructure for the time being.

The firewall and load balancer were left alone since then.

What is the problem, you ask? Well, when there are changes to be done to the firewall we need to communicate them to $company and then we wait until their "firewall admin team" perform them.

Now, I'm no Checkpoint expert but, login in the GUI: 5 seconds, look up the IP: 1 minute (?), change the IP: 1 minute (?), confirm changes: 30 seconds (?)... everything should be done in about 5 minutes, but.... To say that this is never the reality is a bit too little. In some circumstances, I send the mail and the changes are performed right away, some other times, I send the mail and then I hear nothing at all for days, if not weeks.

If we add to this the "standard modus operandi" of some customers of that system, that decide to change their infrastructure on thursday, get the new IP on friday, on monday they realize that nothing works anymore, panic and start screaming like eagles... so we communicate the new IP on tuesday when somebody cool down enough to send us the notice... things aren't going to work very well.

And yes, we could say that this is mostly the customer's fault... up to a point.

A month or so ago, we got the news that $company wants to "cease" the management of the firewall. That's it. No other detail.


No further news.

In the meantime, ThePowerThatAre, are thinking about taking over the whole service and infrastructure and manage everything directly, sending invoices directly to the customers (that would become 'our' customers). Considering that this service invoice something in the range of 200.000 euro per month, and the cost of running it isn't that large on a yearly base, economically it does make sense. Especially if you factor in some new stuff to replace the bits that are really to be replaced (like Solaris, really, in 2022?).

One of the first step, would be to move the firewall under our control and in our possession. This, unfortunately doesn't seems to go very well... for unknwon reasons. The idea is to install a brand new firewall, copy the ruleset, and then tell the customers to change the IP they connect with.

The problem is, however, that the "customer manager" claim that he doesn't have an updated list of the customers... That news left me a bit confused, I mean, YOU are sending invoices and YOU don't know who the fuck are the customers? Are you kidding?

While all this was in the middle of the scene, I got an alert on our monitor that inform me that one of the IP of the firewall is unreachable.

Odd. I check and indeed the ip doesn't respond anymore. Now, that IP is only used for testing, so no biggy, but still is weird, so I send a mail to the firwall team. And get... NOTHING.

Time passes, after ONE FUCKING WEEK I decide to send another mail. Then more time passes. After ANOTHER FUCKING WEEK I find out the mail of their boss and mail him too. And after a bit I get a response that basically says "yeah, we see it doesn't work, now I can see the IP is still on the firewall and some packets are coming in... but this is now 'best effort', so..." fuck it ?

Now, "best effort" should be first of all BEST, that is, the best you can do. This ain't "best", this is "fuck all" effort!

Davide Bianchi
04/08/2022 08:57

Comments are added when and more important if I have the time to review them and after removing Spam, Crap, Phishing and the like. So don't hold your breath. And if your comment doesn't appear, is probably becuase it wasn't worth it.

5 messages post new

Anonymous coward

By Anonymous coward posted 04/08/2022 14:12 - reply

Questa è una storia...

-- Anonymous coward


By Manuel posted 06/08/2022 21:03 - reply

Heilà big D, sempre un piacere leggere delle tue avventure.

Questa, però, sembra più una storia che mi è capitata proprio 2 settimane fa, e i protagonisti, che non nominerò direttamente, sono Grande Società Telecomunicazioni Inglese  (GSTIN) e Grande Società Telecomunicazioni Italiana (GSTIT). Sembra che GSTIN sia stata acquisita da GSTIT e che ne abbia acquisito anche i contratti; peccato che GSTIN non abbia fornito info su questi contratti e che quindi GSTIT stia fatturando alla cieca senza sapere cosa ci sia dietro il contratto.

E pensa, la mia storia riguarda un firewall che si è fritto e che GSTIT non sa come sostituire perché non sapeva nemmeno di averlo... E non sa come è configurato... Che bello eh?



-- ::: meksONE :::

Andrea Biscuola

By Andrea Biscuola posted 07/08/2022 02:35 - reply

Oh, ho una storia simile da condividere:

Il cliente dove faccio consulenza, e' andato all-in nel "Cose as a service", ma interno, dato che per svariati miliardi

di leggi, non puo' fare outsourcing.

Uno di questi "As A Service" e' il "servizio" di database.

Quando si parla di un qualcosa "as a service', correggimi se sbaglio, io intendo che TU mi dai la piattaforma e IO mi

posso gestire cose come creare/modificare/distruggere le varie risorse. Cosa che non e'.

In realta', il servizio non e' "as a service", ma manco un po'. Ti dico solo che ci hanno messo DUE MESI per distruggere

e ricreare un database perche' aveva l'encoding errato.......... per il nostro ambiente di test.

W il "As A Service"! Soprattutto quando e' "interno" e fatto dagli indiani.

-- Andrea Biscuola

Davide Bianchi

@ Andrea Biscuola By Davide Bianchi posted 08/08/2022 12:42 - reply

Quando si parla di un qualcosa "as a service', correggimi se sbaglio, io intendo che TU mi dai la piattaforma e IO mi posso gestire cose come creare/modificare/distruggere le varie risorse. Cosa che non e'.

Ni'. Dipende da "che cosa" si tratta e come viene implementata. In alcuni casi, tu puoi solo usare le risorse che ti sono fornite.

-- Davide Bianchi

Massimo M.

By Massimo M. posted 08/08/2022 13:11 - reply

Io non sono nel campo dell'informatica, tutt'altro, ma questo che descrivi sarebbe gia' un passo in avanti rispetto al concetto di "best effort" di molti consulenti che ho avuto (certificazione CE).

il significato di best effort per quasi tutti e': mandi 10 mail, alla sesta chiamata al cellulare ti rispondono. nel frattempo ti arrangi. che poi di mezzo ci sia una visita di un ispettore per una certificazione e io abbia bisogno di alcuni documenti per evitare che la visita di certificazione (costo: qualche migliaio di €) vada a ramengo, non ha molta importanza.

-- Massimo M.


This site is made by me with blood, sweat and gunpowder, if you want to republish or redistribute any part of it, please drop me (or the author of the article if is not me) a mail.

This site was composed with VIM, now is composed with VIM and the (in)famous CMS FdT.

This site isn't optimized for vision with any specific browser, nor it requires special fonts or resolution.
You're free to see it as you wish.

Web Interoperability Pleadge Support This Project
Powered By Gojira