If I have to have this conversation again, somebody is getting hurt

[syberghost.livejournal.com]

About once a month we get a request from one of our projects to add some more firewall holes for new applications (or old applications they forgot to request) so the test team that was outsourced to India can get to them. The firewalls are under the control of another group, and they have strict outage windows, so typically the testers aren't available during the window and have to test the next business day.

Every single frakking time, I get this conversation:

test: Server foo on port N is working, but servers bar, baz, and quux on port N aren't working.

me: There isn't an application running on port N on those servers currently. You need to either:

a) Use telnet and watch how long it takes to time out; if it's quick you got through the firewall and rejected at the server, if it's forever it may be firewall, the error (from Windows) is the same either way.

b) Have the Environment Management guys for that project start the applications for you before you test them.

c) As a last resort, start a conference call with me, the EM guys, and you testers to make sure nobody is starting the applications, and I'll set up a temporary listener daemon for you so you can test this.

it'd be a lot easier if you just payed attention to the time it takes telnet to time out.

test, hours later: we tried again with telnet, it's still not working. Here is a screenshot of the errors.

me: Hello, is this thing on? I need to know how LONG it took to get the errors, not see the errors again; it's the same error whether the firewall change is there or not.


Face, meet shotgun; shotgun, face.

Comments

[lihan161051.livejournal.com]

Um .. they're outside your intranet needing to connect to internal servers for app testing?

Nobody on their end wants to bother with creating a satellite intranet on their end that tunnels into yours via VPN?

Or are they outsourcing to more accounts than just you and just want your LAN to roll over and show them (and every hacker who can also see it) its nice soft furry belly?

feh. People who don't grok networking .. it hurts to talk to them ..

[lihan161051.livejournal.com]

That being said .. +1 on suggesting that people actually pay attention to whether it's an immediate error or an error after timeout. God knows the OS won't tell you anything useful. (Puts me in mind of a certain popular browser which, in recent versions, finally started telling people "You are not connected to the Internet" .. but now it tells them that in response to *anything*, and same deal, the gold answer-wise is in whether it throws that error immediately or waits about 2 minutes and throws it after a timeout..)

[lihan161051.livejournal.com]

And "tried that, it doesn't work" is THE most useless answer to any troubleshooting step either. ("I *fucking KNOW* it "doesn't work", that's why you're talking to me. What I *need* to know is *what it DOES do*, and *as I said already*, I need to know timing details you have so far creatively avoided giving me. DO NOT send me any more screenshots, I already know what it says on your screen.")

Gods, I wish I could say that to people sometimes without being fired almost instantly .. :D .. it would be *glorious* ..

[lihan161051.livejournal.com]

gah .. ^either^ever^ .. can't fscking type today ..

[syberghost.livejournal.com]

For legal reasons, what they can connect to has to be controlled. I have learned not to argue with our legal department; people tend to disappear. If it were me, they'd all use NoMachine NX to connect to a couple of Solaris servers inside my LAN and run all their tests from there; but I don't get to do that.

[octalbunny.livejournal.com]

Can you give the test team an application that tries to connect, and prints out the time it takes to fail?

[syberghost.livejournal.com]

Bleargh. Any solution that requires me to write a Windows program = FAIL.

Maybe if I could guarantee they all had ActivePerl, but I'm not touching a C compiler for this, no way.