Just a regularly abnormal day
-
Just got this in an email
I can send the latest application source code in a zip file... not sure if what is on our svn on the off-network network is totally current...
At the moment our dev and test webservers are unavailable. The test sql server also not there. But dev sql server still appears to be there and responsive, but very slow. Not sure if it's really 100% there or just gobs of packet retries going on due to the rest of the network issues...
Let me esplain:
- We have a version control server but it's not used because it's not on our main network. It's only available on a network that can't be accessed from anywhere except special wall jacks. (I keep my code somewhere else)
- This particular developer can't get to the dev or test webservers. That's really bad because he's normally the only developer that can. (You read that correctly. Only one developer on our team has an SA account with access to the dev and test web or database servers.)
-
Wow, that is even more useless than not having VC at all
-
There's an "off network" network?
Only one developer on our team has an SA account with access to the dev and test web or database servers.
-
Worst part is that the "lead" came up with the idea and still thinks it's a good one.
-
can't be accessed from anywhere except special wall jacks
-
Git FTW? Commit stuff locally, send to repo when plugged into the magic wall jacks?
-
-
YMBNH.
I'm really not. I know blakey hates Git, but I had a feeling the rest were ambivalent about it. This would actually make a great use case for git. You can even use git-svn to interface with an existing SVN server and dcommit stuff only when plugged into the magic jacks while doing normal development the rest of the time.
-
Or, y'know, just not have a retarded two-network system.
-
the "lead" came up with the idea and still thinks it's a good one.
What is his/her rationale?
-
Or, y'know, just not have a retarded two-network system.
Well obviously they're , but at least they can use git as a workaround for the system that's the real
-
Probably using a separate VLAN and stopped up at the firewalls.
-
Not even close.
Separate wires, power and boxes. Only access from there to anywhere is via a Verizon Air Card and that only works from the inside out.
-
Working with the powers that be has been well beyond impossible for years. Our code repository was supposed to be moved to a different server but was down for months so some kind of workaround was needed. We're not supposed to have code off site so he came up with this plan. He doesn't see deeply so this seemed reasonable from his perspective.
-
BTW: Got kicked out of my office space today and told to work from home (YAY) so now I won't have access to the magic blue jacks but a couple of times a month.
-
I do not understand why people do not use private repositories on GitHub. What is this fascination with running a server and keep struggling with it, or care about it for what it is worth.
-
You have a lot more control in-house. Perhaps it's your security policy. Perhaps you want to restrict access to LAN IPs only. In many cases I'd be inclined to agree with you, but outsourcing everything isn't necessarily for everyone.
-
Let me esplain
... while taking a stroll down the esplainade?
they can use git as a workaround for the system that's the real
The fact that git is the saner option compared to what they already have is TR
-
I do not understand why people do not use private repositories on GitHub.
In case of a lawsuit you may be in a better position if you have everything in-house and have control over all the information about the development process. A third party is more likely to give away information as soon as a strongly worded letter from some lawyer arrives.
-
We're not supposed to have code off site so he came up with this plan.
But you guys have laptops right? Otherwise there would be almost no reason not to be jacked into the right network (well, unless that network is really isolated from everything else, in which case we have a bonus ).
-
Why just use a second NIC, I hear a USB NIC is a few dollars. Then route between the segemtns so everybody profits.
-
And now for another installment of Lorne Solves Everything:
- find a magical blue jack
- Pull out the faceplate
- Disconnect the cables from the back of the jack
- Crimp a RJ-45 head onto that cable
- Plug that RJ-45 into a wireless router that can bridge between networks
- Set up that router to allow you access from your work network, to your source code network (even from VPN)
- Take another rj-45 cable
- Plug one end into the router
- Cut the head off the other, and expose the wires
- Re-crimp those wires to the Magic Blue Jack
- Hide the wireless router in the wall
- Reset the faceplate for Magic Blue Balls
You now have direct access to the network when you're working from home. People still have their Magic Blue access. No one is the wiser.
Stay tuned for Lorne Solves Global Hunger-- or something important like font size in Steam or something.
-
That's a fireable offense. They monitor the network diligently. They actually have vans driving around the "campus" with WiFi monitoring equipment in them.
Actually, if they got their panties in a kerfuffle it could be time in federal pound-me-in-the-ass prison.
edit: I said it again again.
-
route between the segemtns
I don't know if I've ever come across a device that had support for segemtning a network before...
-
You win the bonus
unless that network is really isolated from everything else,
This "network" terminates in a closet a few feet from my desk and is hooked up to about a dozen, at most, other workstations. There is one operational server in the closet and OMG there isn't even a scheduled backup.
-
So in other words:
- Connect to the "magical network", be able to reach the source control but unable to search Internet references or deploy it.
- Connect to the "plebs network", be able to reach everything important but unable to commit sources.
That sounds like jumping through hoops alright...
You haven't answered whether you (and especially the person who came up with this segregation) have laptops, because that would mean the source leaves the premises daily, making this whole dance obsolete.
-
Git FTW? Commit stuff locally, send to repo when plugged into the magic wall jacks?
You've solved half your problem - you can't commit. But you didn't solve the other half - making sure your code actually exists somewhere other than your laptop, or anyone else's problem - making sure that everyone else can get to it. Also, the half of your problem you solved is the less important half.
-
Like talking to my lead.
-
Just set up each person's computer as a git server and actually use the D in DVCS.
-
Sounds like a wonderful idea - n people's changes get sent to n-1 other people. The obvious next step is to set up a central server on the common network - in which case, all you've done is the sane thing - move source control to the right network. That means, of course, that it violates whatever policy got the source control system moved to Siberia in the first place.
-
I do not understand why people do not use private repositories on GitHub. What is this fascination with running a server and keep struggling with it, or care about it for what it is worth.
Seriously? You would trust your company's IP to a hosting provider that has no contractual obligation to maintain any particular level of service? What happens if they have a system glitch that mangles your files? Or allows strangers access? Will you be happy knowing that they really didn't mean to? What will be the damage to your project and your employer? Who is going to get the blame?
Github may be fine for open source projects and non-commercial products, but if you're working on code that your employer relies on to remain in business, you really want your solution, whatever it is, to be in-house. If you don't know enough to set up something good, then hire a consultant to make sure it's done right.
If you can't afford it, then maybe the code really isn't worth that much after all. But if it is, can you afford to lose it or have it get leaked to the public or to a competitor or to a law firm looking for an excuse to sue you?
-
That's a fireable offense. They monitor the network diligently. They actually have vans driving around the "campus" with WiFi monitoring equipment in them.
Actually, if they got their panties in a kerfuffle it could be time in federal pound-me-in-the-ass prison.
They're that concerned about security, but they'll let you remove a copy of the code to work from home? That's TRWTF.
-
They have vans with wifi monitoring equipment but they can't set up a server?
-
Not the same group of people. It's an extremely large organization.
-
Got ya. We should make "extremely large organization" a three letter acronym -- ELO.
-
I'm really not. I know blakey hates Git, but I had a feeling the rest were ambivalent about it.
http://vincekotchian.com/wp-content/uploads/2014/05/Wrong.jpg
-
@Lorne_Kates said:
And now for another installment of Lorne Solves Everything:
find a magical blue jack
Pull out the faceplate
Disconnect the cables from the back of the jack
Crimp a RJ-45 head onto that cable
Plug that RJ-45 into a wireless router that can bridge between networks
Set up that router to allow you access from your work network, to your source code network (even from VPN)
Take another rj-45 cable
Plug one end into the router
Cut the head off the other, and expose the wires
Re-crimp those wires to the Magic Blue Jack
Hide the wireless router in the wall
Reset the faceplate for Magic Blue Balls
You now have direct access to the network when you're working from home. People still have their Magic Blue access. No one is the wiser.
Stay tuned for Lorne Solves Global Hunger-- or something important like font size in Steam or something.
-
You've solved half your problem - you can't commit. But you didn't solve the other half - making sure your code actually exists somewhere other than your laptop, or anyone else's problem - making sure that everyone else can get to it. Also, the half of your problem you solved is the less important half.
Yes, but you can continue to work without having to put multiple things in a commit or something like that in the periods between being able to talk to the server.
-
-
Yes, but you can continue to work without having to put multiple things in a commit or something like that in the periods between being able to talk to the server.
As I said, you solved the small part of the problem. Committing to a local repository is not a whole lot better than simply not committing. The main benefit you get is well-commented atomic units of commitment - but if no one else sees them and they aren't backed up, you are solving the wrong problem first. After you've solved the right problem, local commits become unnecessary.
-
After you've solved the right problem, local commits become unnecessary.
No shit. No one is arguing that the network situation is a good thing.
-
You can just email a zip of the `.git` directory. Then all you need to do is extract it in an empty directory and run `git add --all && git reset --hard` to get the latest source code. Not many people know this.
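An integrity-checked alternative to mailing a zipped `.git` directory, as an added example that is not part of the original post: it uses `git bundle`, which the thread does not mention, and the repository contents, identity and paths are constructed. Bundle paths must be absolute because the functions run git with `-C`.

```shell
#!/bin/sh
# Added example (not from the thread): carry commits between networks as one
# git bundle plus a digest. Repo contents and identity below are constructed.

# Stand-in for a developer's local clone: two small commits.
make_sample_repo() {
    git init -q "$1" >/dev/null 2>&1
    git -C "$1" config user.name "Example Dev"
    git -C "$1" config user.email "dev@example.invalid"
    echo "v1" > "$1/app.txt"
    git -C "$1" add app.txt
    git -C "$1" commit -q -m "first local commit"
    echo "v2" > "$1/app.txt"
    git -C "$1" commit -q -am "second local commit"
}

# Sending side: pack all refs into one file, print its SHA-256.
export_bundle() {   # $1 = repo, $2 = absolute path of bundle to write
    git -C "$1" bundle create "$2" --all >/dev/null 2>&1 || return 1
    sha256sum "$2" | cut -d' ' -f1
}

# Receiving side: reject on digest mismatch or if git cannot verify the bundle,
# then fetch its branches into a fresh bare repository and print HEAD's commit id.
import_bundle() {   # $1 = bundle, $2 = expected digest, $3 = new bare repo path
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ] || { echo "digest mismatch, refusing import" >&2; return 1; }
    git init -q --bare "$3" >/dev/null 2>&1
    git -C "$3" bundle verify "$1" >/dev/null 2>&1 || return 1
    git -C "$3" fetch -q "$1" 'refs/heads/*:refs/heads/*' || return 1
    git -C "$3" rev-parse HEAD
}

# Demo run in a scratch directory.
work=$(mktemp -d)
make_sample_repo "$work/src"
digest=$(export_bundle "$work/src" "$work/transfer.bundle")
echo "imported HEAD: $(import_bundle "$work/transfer.bundle" "$digest" "$work/dst.git")"
rm -rf "$work"
```

The digest has to reach the receiving side by a different route than the bundle itself, otherwise a modified file can simply arrive with a matching digest.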
-
Seriously? You would trust your company's IP to a hosting provider that has no contractual obligation to maintain any particular level of service? What happens if they have a system glitch that mangles your files? Or allows strangers access? Will you be happy knowing that they really didn't mean to? What will be the damage to your project and your employer?
With git, the only real concern would be unauthorized access. All the other things would be really hard for Github to do worse than the average company. You cannot even mangle files in Git unless you introduce another commit.
Running a server is not trivial. If you can pay a few bucks to somebody who does it on a bigger scale you are going to profit from their expertise.
Who is going to get the blame?
The fucking idiot who insisted on doing it himself?
-
hosting provider that has no contractual obligation to maintain any particular level of service?
Do you have first hand experience with GitHub?
There is bitbucket too, and perhaps more companies, so I may find one that does have better contracts.
What happens if they have a system glitch that mangles your files? Or allows strangers access?
What happens if you have a system glitch that mangles your files? Or allows strangers access?
If my business is in the business of doing something server related, it makes sense to also host a git server. If strangers are after my IP, I will have to pay for a security expert who also does sysadmin. I firmly believe security is difficult and big companies do it better, at lower price too. Competent security experts who also do sysadmin do not work for free.
Will you be happy knowing that they really didn't mean to?
Will you be happy knowing that ~~they~~ consultant/employee really didn't mean to?
then hire a consultant to make sure it's done right.
Nope, either know-how should be in-house or a service is better. Consultants are too expensive and I cannot shout at them.
-
You would trust your company's IP to a hosting provider that has no contractual obligation to maintain any particular level of service?
If you're using GitHub private repositories, you're using a paid account. If you're paying for stuff, you'd also have spent the time to look at the SLA that they're committing to, yes? Paying for a service and not knowing what sort of service level that gets you would be TRWTF…
-
But you guys have laptops right? Otherwise there would be almost no reason not to be jacked into the right network (well, unless that network is really isolated from everything else, in which case we have a bonus ).
Why does everyone keep saying things like this? I don't know for sure about this case, but there are many situations where an air-gapped network is appropriate, even desirable. Nuclear plants, airplanes, chemical factories, key generation for security certificates, etc. Protecting software may be overkill, but it's not necessarily a .
-
in this case it is a wtf. I too am tired of bullshit in the name of a false security.
The source code is in their laptops, and they are in the plebs network. They aren't protecting anything, they are just being stupid assholes.
-
I don't know for sure about this case, but there are many situations where an air-gapped network is appropriate, even desirable.
I've twice worked with the "use this wall jack for network A, or this one for network B" setup. In my previous job, the blue network cables were for the unclassified network and the red cables were for the classified network. We also had two system drives with a caddy arrangement, and you had to boot from the classified system drive to be able to log into the classified network. The classified drive had to be locked in your safe when not in use and overnight. This was all pretty reasonable from a security standpoint.
We also had that arrangement here for a while, where our test network was isolated from our main network (with a few bridges for deployment purposes, I forget the specifics now). This allowed us to have a truly identical test and production setup (same hostnames, etc) which meant fewer things to go wrong when deploying. At that stage I had a separate computer on my desk specifically for accessing the test network. When they stopped doing things that way, they just took away the test environment altogether. Initially that was only going to be for six months, but that was several years ago. (Now we're doing a push to migrate to AWS and they're talking about possibly setting up a test environment there, if we decide we need one.)
-
They have vans with wifi monitoring equipment but they can't set up a server?
never seen so many bleedin' aerials
-
Why does everyone keep saying things like this? I don't know for sure about this case, but there are many situations where an air-gapped network is appropriate, even desirable
Sure. But only if the computers on that network are isolated and don't ever connect to other networks.
If employees can transfer code to computers that are later connected to the internet, then the entire purpose of the air-gap is undermined. They can get malware when at home, which will propagate into the "secure" network when the computer is later attached.
Allowing any unauthorized media (like flash drives, iPods or installers for unapproved software) to connect to a computer on that network violates the air gap and is a vulnerability. (Many believe that that's how Stuxnet got into Iran's air-gapped secure network.)
If you have a need for an isolated network, then you must keep it truly isolated and must have strict controls over everything going into or out of that network. Allowing employees to connect and disconnect their equipment at will undermines the entire system.