Tweet
Ok, we have this customer at Tile-based-game Pizza. He's kind of a know-it-all, arrogant bastard.
TLDR version: Dude puts out device in a mode where blocking can't be guaranteed, then complains about it not blocking well enough. Working as designed, but somehow, a manager convinces the dev team to change the design and then he still complains it doesn't work well enough.
Technical Mumbo Jumbo
You would think then, that since blocking malicious traffic is important, he would deploy our device in bridge mode so that blocking can be 100%. In this mode, the network path to the server passes directly through our device. If the device detects badness, it drops it, no fuss, no muss. The packets never reach the server, instead vanishing forever into the bit bucket.
Instead he puts the thing in sniffing mode. The device is not deployed directly in line with the server. Instead, a network tap sends us a copy of every packet. In this mode, blocking is accomplished by giving us a connection to the server, so we can send RESET packets to the server, pretending we're the end user trying to close the connection.
This results in a race condition: will the malicious user's packets reach the server first, or will our reset packets? Due to this, blocking is absolutely not guaranteed in this mode.
/Technical Mumbo Jumbo
Begin rant!
And then he complains about blocking performance being poor. Well gee, ya think?
Of course he understands that blocking in sniffing mode is not guaranteed, but recently it's been terrible!
Um, yeah? Whaddya want me to do about it? We've gone on webex, proved we're doing what we're supposed to do, and you're still crying. Maybe you should've been on one of those webexes yourself, instead of sending your flunky (who totally accepts our explanations, btw) to do it.
Unfortunately crybaby is buddies with one of our managers (possibly just in his head), and adds her to the email thread and works with her after (my) hours. Fine with me. Hands off. I got the OK from my manager. Even though the case is in my queue, we let the other manager work it, I don't get involved anymore. She basically takes over the case and even escalates it to the devs.
And they take it. They actually generate a patch for him. We implement a design change for him, because reasons, I guess. We changed our behavior in certain situations, to increase the number of reset packets we generate in our attempt to block. This is not a bug fix, the device was working as designed. We changed it for him.
And then the bastard whines again, crying boohoo, he applied the patch but it's still not blocking very well. And he has the gall to ask "what are next steps?"
You want next steps you special snowflake? Try using a mode where blocking is guaranteed!
TLDR version: Dude puts out device in a mode where blocking can't be guaranteed, then complains about it not blocking well enough. Working as designed, but somehow, a manager convinces the dev team to change the design and then he still complains it doesn't work well enough.
Technical Mumbo Jumbo
You would think then, that since blocking malicious traffic is important, he would deploy our device in bridge mode so that blocking can be 100%. In this mode, the network path to the server passes directly through our device. If the device detects badness, it drops it, no fuss, no muss. The packets never reach the server, instead vanishing forever into the bit bucket.
Instead he puts the thing in sniffing mode. The device is not deployed directly in line with the server. Instead, a network tap sends us a copy of every packet. In this mode, blocking is accomplished by giving us a connection to the server, so we can send RESET packets to the server, pretending we're the end user trying to close the connection.
This results in a race condition: will the malicious user's packets reach the server first, or will our reset packets? Due to this, blocking is absolutely not guaranteed in this mode.
/Technical Mumbo Jumbo
Begin rant!
And then he complains about blocking performance being poor. Well gee, ya think?
Of course he understands that blocking in sniffing mode is not guaranteed, but recently it's been terrible!Um, yeah? Whaddya want me to do about it? We've gone on webex, proved we're doing what we're supposed to do, and you're still crying. Maybe you should've been on one of those webexes yourself, instead of sending your flunky (who totally accepts our explanations, btw) to do it.
Unfortunately crybaby is buddies with one of our managers (possibly just in his head), and adds her to the email thread and works with her after (my) hours. Fine with me. Hands off. I got the OK from my manager. Even though the case is in my queue, we let the other manager work it, I don't get involved anymore. She basically takes over the case and even escalates it to the devs.
And they take it. They actually generate a patch for him. We implement a design change for him, because reasons, I guess. We changed our behavior in certain situations, to increase the number of reset packets we generate in our attempt to block. This is not a bug fix, the device was working as designed. We changed it for him.
And then the bastard whines again, crying boohoo, he applied the patch but it's still not blocking very well. And he has the gall to ask "what are next steps?"
You want next steps you special snowflake? Try using a mode where blocking is guaranteed!
I AM the evil bastard!
Comment