[Tweeted 2011-06-03]
Once upon a time I was in a meeting in which we discussed a web application that was scheduled for deployment in the immediate future. As we were working out the implementation details, we came upon the issue of needing to access private, restricted, highly confidential information. An additional wrinkle was the need for the database to be maintained by the system of record, which was on the internal network.
As we were discussing the options, one person (I'll call him n00b) suggested that we could easily solve the problem by joining the server to the DMZ and the internal network simultaneously. My response was an immediate "no, we can't do that". "Oh yes we can", the n00b replied. "All we need to do is install two network cards and use one for the DMZ and one for the internal network." In honesty, I was not the first one to laugh out loud; my manager was.
The n00b was insulted and said that he had used this approach for one of his clients (outside of work), so I ended up telling him that what such a plan would do is create a bridge between the DMZ and our internal network, making not only the database server vulnerable, but the internal network as well. The n00b had a few more equally appalling suggestions, but in the end the group, collectively, brought him to a measure of enlightenment.
Of course we had the technical ability to do what n00b suggested, just like I've had the technical ability to do hundreds of other blatantly stupid things and several more that weren't quite blatantly stupid (even if they were of equally questionable value).
Perhaps more disturbing than a n00b fighting for a bad idea is that if the n00b had been higher up on the food chain, rather than the n00b he was, the situation might have turned out differently. I've certainly been in situations where I've known what was asked was a bad idea and would even likely turn to bite me in the nether regions, and still I've had to implement the bad idea because 'the decider' made the decision.
We all face such situations; in fact, they're far from uncommon. This is why Rule #17 states that too often 'we can' erroneously becomes 'we should' and 'we will'. Robert's Rule #17 is simply a recognition of a sometimes disturbing truth we, as technologists and engineers, live with every day.
A long time ago in a galaxy far, far away... I gave a lecture called Getting Paid to Think to an academic society. In it I presented a simple hypothesis - an education in the humanities and thinking (e.g., Philosophy) is more beneficial than a skill-based education (e.g., Computer Science). This blog is dedicated to getting you to think as I discuss a variety of topics, most of which are related to my career in the tech industry.