BOFH: We're miracle workers. But you want us to fix THAT in 10 minutes?
Psst. I can make your network super secure...
Episode 16 "What do you mean 'why's it not working'," the PFY asks.
"I mean WHY ISN'T IT WORKING? What's happened?" the Boss snaps, expecting an excuse that will be both technical and understandable to someone with his level of tertiary education.
"Nothing's happened, it's all the same as usual," the PFY responds, suspecting – as we all do – that the Boss' level of tertiary education was a degree in animal husbandry that only got as far as the wedding ceremony.
"Then why's it not working?"
"BECAUSE IT'S THE SAME AS USUAL!"
The Boss frowns. "Surely that means you should be on top of this by now?"
"No, 'usual' means it's a bloody pig's breakfast."
"So you're wanting to do your presentation, right?" the PFY asks.
"And you're going to be using a presentation in conjunction with a videoconference session?"
"And you say there's a problem with your presentation?"
"Yes, it looks all funny."
"AND there may be a problem with the incoming videoconference call because you now realised you got us to reject incoming calls at the firewall because people in meetings didn't like the ringing noise or the possibility that 'someone could snoop in on their meeting'."
"Yes." The Boss nods, still frowning in concentration.
"Despite us telling you (a) that the unit doesn't auto answer and (b) using the power switch on the wall will make it super-secure."
"I've been told it's safer doing it the firewall way," the Boss sniffs.
"So NOW we have to change the firewall config on the fly – because you don't know the number to make an outgoing call – even though we're into the no-changes-on-a-Friday window that YOU wanted us to implement, THEN tidy up your PowerPoint so it doesn't look funny."
"All before your presentation starts in... ” – the PFY looks at his watch – “... 17 minutes."
"Uh, 15 minutes, actually," says the Boss.
"And would I be correct in assuming that you have an OpenOffice presentation – because you're too cheap to buy MS Office for home, AND you're using some custom font with a name like Turkeyshoot Mascara, designed by your son who's studying design through self-paced learning during his gap year?"
"Hey" I say, getting in on the act. "Do you remember that time your son designed you a font but couldn't be arsed doing anything outside of upper and lowercase letters? No punctuation or anything?"
"What was that font name again, MonarcoRetardo?" the PFY asks.
"In any case" I say loudly, trying to bring the issue to a head. "There's bugger all point in bringing in something for us to fix with 10 minutes' notice."
"17 minutes," the Boss says.
"15 minutes," the PFY corrects.
"Actually 13 minutes," I say, looking at the clock. "Because you're rushing things. And you can't rush miracle workers. So the PFY here will edit your presentation and change the font to something both standard and universal."
"Like Courier 24," the PFY adds
"While I'll backup the firewall config to flash and then take a copy to my desktop then uh... disable the... uh... immutable.. configuration sequencer, rollback the redundant hot fix application modal switch, FIND the network configuration rule, CHANGE it, then push it all through the... trial application sanity filter – and if that passes release it to test, run the configuration sanity filter in test mode and if that passes release it to preproduction then run it through the preproduction configuration sanity filter and if that passes release it to production, run it through the production sanity filter, flip the switch to go live, reload the config, backup the config to flash and then to my desktop then if everything goes well, copy the config to the redundant standby firewall, disable the... uh... immutable.. configuration sequencer on the standby machine, rollback the redundant hot fix application modal switch on the standby unit, push the new standby config through the trial application sanity filter – and if that passes release it to test, run the configuration sanity filter in test mode and if that passes release it to preproduction then run it through the preproduction configuration sanity filter and if that passes release it to production, run it through the production sanity filter, flip the switch to go live in hot standby mode... and... we're done."
"How long will that take," asks the Boss.
"What, from now, or from when I started that previous sentence?"
"There's NO chance. We might've made it in time without the hot standby firewall but who knows what'd happen if we got the units out of sequence."
"Okay!" the Boss says, in Executive Decision Mode. "Disable that hot standby machine, update the firewall, right now, and we'll take our chances."
"You're... sure?" the PFY asks, having given the Boss' presentation all the panache of an 1820s typewriter while I had him distracted.
"Yes. This is important! The board have all flown to Edinburgh with the Director so they can see our videoconferencing presentation in action!"
"And you just found out about this 17 minutes ago?!" the PFY gasps.
The Boss ignores him.
"Ah," the PFY adds. "So it IS as usual."
“OK,” I say, tapping some nonsense in at the command prompt, closing the window, opening a ssh session to a Linux box and typing some more nonsense in there too. "All done."
"I thought you said it'd take ages?"
"Well, if we're going to slap a change in there it takes no time at all."
"Right!" the Boss says, stalking off to his meeting.
<13 minutes later in the comms room...>
"So you never applied the incoming call rejection rule in the first place?" the PFY asks, looking over my shoulder at the console of the firewall.
"Nah, I just switched the conferencing unit off at the wall," I reply. "Speaking of which... >CLICK<"
The PFY and I look on as the firewall box enters what we call super-secure mode. Our only firewall box.
"Looks like our firewall machine and the 'hot standby unit' are out of sync," I gasp. "We could have network problems for days!"
Sponsored: Becoming a Pragmatic Security Leader