You’ve got to learn to walk before you can run!

This is going to be a rant. If you are not into reading rants, please don’t continue.

I put out a tweet yesterday that said this.

“I’m so done. People can’t follow basic instructions, but expect to jump straight into building something complex on day one, then expect me to help when it inevitably goes wrong. You’ve got to learn to walk before you can run!”

I’ve had a few incidents recently that have nearly brought me to breaking point.

  • Someone wanted to install an Oracle database on Linux, but didn’t even know what an environment variable was. They claimed to have Linux experience, but literally couldn’t grasp what it meant to set or reference an environment variable, even when it was on the page in front of them.
  • Someone was “following” one of my installation guides, and said it was well written and easy to read, but wanted a step-by-step breakdown of what they had to do. What? I know I’m not perfect, but that is literally what the article was.
  • Someone else seemed incapable of pasting code into a shell. Having said they were doing exactly what was in my article, it became clear they were doing nothing of the sort.

These are just three incidents, but they are the tip of the iceberg.

Back in the day there used to be a forum on my website, but I closed it down because I was wasting loads of my time trying to help people who had no intention of helping themselves. I wrote some posts about it over the years.

Over the years I’ve had several discussions about this with other members of the community. I know this happens a lot to everyone.

Part of me feels really bad, because I’m supposed to be this community guy, but I really can’t cope with people who have not even tried to get some basic skills under their belt before launching into something more complicated. I’m sorry, but if you’ve never seen Linux before, you probably shouldn’t be trying to install Oracle RAC on it. If you’ve never installed a database before, you probably shouldn’t be thinking about installing Cloud Control.

How many people turned up to the Olympics this year with no previous experience and took home a medal? How many people sit university final exams without ever studying the subject before? It sounds bloody stupid, right? Yet people expect to do complex tech stuff without any grounding in basic skills.

I don’t know if these people are delusional. I don’t know if their boss is an idiot, and asking them to do something that is clearly beyond their capabilities. I feel sorry for them if they are under pressure to do this, but I can’t work miracles, and I’m not being paid to do their job for them. Simple as that.

I look at my website stats and I’m clearly helping a large number of people, so I think I’m doing my share already. Sorry, but not sorry!

Cheers

Tim…

Upgrades : You have to do them. When are you going to learn? (TLSv1.2)

Questions:

  • Do you remember when SSLv3 was a thing?
  • Do you remember when everyone disabled SSLv3 on their websites?
  • Do you remember how loads of people running Oracle database version 11.2.0.2 and lower cried because all their database callouts failed?
  • Do you remember how they were all forced to patch to 11.2.0.3 or 11.2.0.4 to get support for TLS?
  • Do you remember thinking, I’ll never let something like that happen again?

I’m so sick of saying this. I know I sound like a broken record, but it’s like I’m living in the movie Groundhog Day.

There is no such thing as standing still in tech. It’s like swimming upstream in a river. It takes work to remain stationary. The minute you stop for a rest you are actually moving backwards. I’m sure your next response is,

“But Tim, if it ain’t broke, don’t fix it!”

The minute you stop patching and upgrading, your application is already broken. Yesterday you had an up-to-date system. Today you don’t. You have stopped, but the world around you continued to move on, and sometimes what they do will have a direct impact on you.

The security folks have been complaining about TLSv1.0 and TLSv1.1 for ages, but we are now in the position where the world and their dog are switching off those protocols, and the “we don’t need no stinking patches or upgrades” brigade are pissing and moaning again.

You knew this was going to happen. You had plenty of warning. It is your fault things are now failing. The bad decisions you made have led you to this point, so stop blaming other people. IT IS YOUR FAULT!

Where do you go from here?

First things first, start planning your patch cycles and upgrade cycles. That isn’t a “one time and done” plan. That is from now until forever. You’ve got to keep your server operating systems and software up to date.

If you can’t cope with that, then move to a cloud service that will patch your shit for you!

I know upgrades aren’t necessarily a quick fix, as they need some planning, so you will need some sticking plasters to get you through the immediate issues. Things to consider are:

  • Your load balancers and/or reverse proxies can hide some of your crap from the outside world. You can support TLSv1.2+ between the client and the reverse proxy, then drop down to a less secure protocol between your reverse proxy and your servers.
  • You can do a similar thing with database callouts to the outside world. Use an internal proxy between you and the external resource. The connection between your proxy and the outside world will speak on TLSv1.2+, but the callout from the database to your proxy will speak using a protocol your database can cope with.

These are not “fixes”. They are crappy sticking-plaster solutions to hide your incompetence. You need to fix your weak infrastructure, but these will buy you some time…
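As an added illustration (not configuration from the original post), here is how the two sticking plasters above could look using nginx as the proxy in both directions. All hostnames, addresses, ports and certificate paths are placeholders, and the plain-HTTP hop from the database to the internal proxy is an assumption about what the old database can cope with.

```nginx
# Added example. Both server blocks belong inside the http { } context.

# Sticking plaster 1: reverse proxy in front of a legacy application server.
server {
    listen 443 ssl;
    server_name app.example.com;                      # placeholder

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;              # all that outside clients are offered

    location / {
        proxy_pass          https://legacy-app.internal:8443;  # placeholder backend
        # The weak hop. Keep it on a trusted internal network only.
        # The proxy's OpenSSL build and policy must still permit these versions.
        proxy_ssl_protocols TLSv1 TLSv1.1;
        proxy_set_header    Host $host;
    }
}

# Sticking plaster 2: internal proxy for database callouts.
# The database calls http://10.0.0.10:8080/partner-api/... and nginx makes
# the real TLSv1.2+ request to the external service on its behalf.
server {
    listen 10.0.0.10:8080;                            # internal interface only
    allow  10.0.0.20;                                 # the database server (placeholder)
    deny   all;

    location /partner-api/ {
        proxy_pass                    https://api.partner.example/;  # placeholder
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        proxy_ssl_server_name         on;             # send SNI to the external host
        proxy_ssl_verify              on;             # off by default; verify the remote cert
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_verify_depth        2;
        proxy_set_header              Host api.partner.example;
    }
}
```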

I don’t really care if you think you have a compelling counter argument, because I’m still going to scream “WRONG” at you. If you don’t think patching and upgrades are important, please quit your tech job and go be incompetent somewhere else. Have a nice life and don’t let the door hit you on the ass on your way out!

Cheers

Tim…

PS. You know this is going to happen again soon, when the world decides that anything less than TLSv1.3 is evil.