THE DIARY OF A GEEK IN OXFORDSHIRE

Solving the World's problems with common sense and a flamethrower.

Monday, October 15, 2007

In Praise of the Dumbshield

Boxers and rugby players - in fact, anyone taking part in an active pursuit - wears a gumshield to protect their teeth.

Those of us in the IT Support business, though, have no need to protect our pearly gnashers. Rather, it's our poor battered brain cells that suffer the slings and arrows of outrageous lusers.

So - I'm sure you can agree that we all wear our very own mental Dumbshield.

As we work our way through the day's idiocies, our Dumbshield effortlessly counteracts the stupidity of those with which we wrestle. It is the Dumbshield that insulates us against the excesses of users and inures us to their cretinous witterings.

Were it not for our Dumbshields - well, let's just say that there'd be a waiting list for water towers. And rifles.

So it was unfortunate today that my Dumbshield was almost defeated - by a series of heinous attacks not by the Generally Clueless, from whom I expect nothing more, but by those in our own rarefied profession.

Part One - On the difference between inside and out
So our largest client does a great deal of work for a Major Computer Company. To protect the guilty, I will call them Halfwit Packrats. In order to facilitate the work done for Halfwit Packrats, $CLIENT has a VPN. Supplied by Halfwit Packrats, and 'supported' by them too.

Anyhoo - overnight Halfwit Packrats update the VPN client. Without telling $CLIENT, who suddenly discover a marked inability to connect to the VPN. Call us. We troubleshoot, and I end up talking to a Helldesk Drone from Sector 7G (VPNs) of Halfwit Packrats.

  • Me: "Have you changed the VPN gateway?"
  • HD: "Yes, it's foo.bar.baz.qux".
  • Me: < fx="clickety-click">"No, it isn't"
  • HD: "You also need to add this IP to your outbound ACL - foo.bar.bop.blah"
  • Me: *sigh* "Nope - that's an internal address."
  • HD: "Add this one too! blah.blah.blah.blah"
  • Me: < whimper > "So you've gone from one gateway to three - two of which are internal, all of which are to be used simultaneously? Why - and how?"
  • HD: "Well if you want to access the Halfwit Packrats VPN, you'll actually need to open the following address range - foo.bar.0.0/16 outbound"
  • Me: "That /16 just happens to be <> YOUR ENTIRE INTERNAL ADDRESS SPACE FOR THE ASIA PACIFIC REGION!"
  • HD: "Durrrr...well you need to permit that address range on the firewall"
  • Me: "OK, pretend I have no Clue and that you understand what you just said - then explain to me how my lusers connect to every single internal address on your network, including how doing that would, in any way, relate the the concept of Virtual Private Network. Oh, and don't forget to add in how they would actually reach your INTERNAL addresses across the Internet."
  • HD: "Oh, they can reach them easily through the VPN Concentrator".
I could almost hear his personal lightbulb come on as he spoke.
  • Me: < mode="sweetness & light"> "Ooo, a VPN Concentrator! You don't think I might have the address of it, do you?"
  • HD: "It's blah.blah.blah.blah".
One < fiddle > in the ACL later, and LO, the VPN did arise again, and packets did move on the face of the ethernets.

Dumbshield Status: 60%

Anyway, I cheered myself up by resolving a couple of easy calls and slurping vast vats of coffee - and just as my mood was brightening, An Email hit my Inbox.


Part Two - On Fault Reporting
This was a good email. This email came from our support colleagues in Eastern Europe, who are supposed to be our opposite numbers in both role and skillset.
The Email Said Thusly:

"We are having problems connecting to $DATACENTRE. Please resolve"

Well, let's see, you Euro-Plonker.

"Can't connect to $foo" is most assuredly NOT a valid fault report. I'd expect that sort of muppetry from a Common-or-Garden Luser, but another Helldesk? Where's the screenshot of the error message? A traceroute? Basic stuff, chaps. Perhaps the mental torture of drafting a 9-word fucking email forced a temporary neural shutdown. Or perhaps you're just cretins. I remain undecided.

One brief email ensues, explaining that the (non-specific) outage was caused by a transient network error, now resolved. Of course. Call closed.

Dumbshield Status: 30% - Warning, Dumbshield Levels low, Luser penetration possible

More coffee ensues, and I while a few happy minutes trying to work out why $SENIOR_PERSON had a spam hit her Inbox suggesting that she might like ejaculate on her face. Then - the grand finale.


Part 3 - On the Difference between My Problem and Your Screwup
Another email hits - this time from one of our Oracle DBAs - again, someone we could reasonably expect to have at least a basic degree of Clue.

My faith in humanity - or at least, Orrible DBAs - takes another beating as I read the HTML dribble in front of me:

"The VPN is broken. I can't connect."

Oh, my VPN is broken, is it? Is it really? Then what, precisely < checks > in the name of ARSE am I connected to?

A few more < clickety-clicks > and I start to wonder.....

...Reset user password. Wander over to Orrible DBA's desk.

  • Me: "Would you try logging in with this new password?"
  • ODBA: "Well that won't work, the VPN's broken"
  • Me: "Humour me - please"
  • ODBA: "OK then" < fx="clickety">
  • ODBA: "Hey, it works! You fixed the VPN!"

< gibber > Shield Down! Shield Down! Dumbshield has Failed!

So I'm slowly bouncing back now - but I need to get a new Dumbshield.

Lusers, lusers everywhere, even where you'd expect Clue. My cynicism meter needs recalibration.

Posted by Dungeekin at 8:11 pm
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)