More Developer Madness

What is it with developer that they feel the need to do completely stupid things without a though for the consequences, just as long as it works? Are they just lazy perhaps?

I have come across a couple of instances in the last couple of days where developers have created shares on servers and left them wide open to abuse by anyone being a bit nosey on the network.
When I say wide open, I mean barn door wide open. Yes they put the Everyone group in with full control on both the share and NTFS permissions. Yes that’s right, I couldn’t believe it either; they even went to the extent of removing all the other users from the NTFS permissions. Complete and utter thoughtlessness and madness. 

I quickly created some groups added the users I was aware of that need access and added that in to the shares and NTFS permissions after I reset it all to defaults. This not surprisingly caused some problems as users that were expecting access no longer could and the support/developer people got the right hump, not surprisingly they backed down when it was explained how stupid they had been and what the consequences of their actions could have been.

Now most of the above problems are done to developers accessing live servers and making changes, no formalised change procedure and have developers that are external to the company with no internal skill set to support the systems that are critical to company’s wellbeing.

This situation has come about in company that has always used IT from the very early days, but it was always on a proprietary system based on VMS. That system was tweaked in house and those people that supported it were all well paid for their services. That system was and still is maintained in sensible way with change management. However, as PCs and Windows servers came in to the business there was no internal development skill set, Support that came in was a mixed bag of skill levels, managers often new just enough to blag their way in to th job but not enough to do the job properly and after 10 years of going from a file and an e-mail server to around 120 servers with little in the way of board level confidence and whole bunch of political nonsense we have an IT department that is only just about clawing its way in to the realms of a sensible managed and structured entity.

Though the reliance on contractors and external developers is a cause for concern, it would seem that those up the food chain are scared to employ people but will happily shell out huge sums for contractors as it comes under a different budget. Life span of contractor at my company runs to around 5-10 years it would seem, slightly longer than many of the permanent IT staff which is weird whichever way you look at it. But most weird when you realise that non-permanent staff are more loyal than permanent staff.

We have probably reached our size as far as servers go, well on the production side of things, Dev seems to growing more as does QA (Quality Assurance) or UAT (User Acceptance Testing) servers which I always thought were the same but found out today that they are not, it goes Dev -> QA -> UAT -> Production. This means that we should need about 300 servers in all and our non-production servers will outnumber our production servers 2 or 3 to 1 even though we have no in house developers.
Here’s a though, shouldn’t external developers develop on their own servers then move that code on to our QA,  UAT or pre-production servers then on to our live servers?

Or to put that better it should be the developed on their server, then they give the code to us with update instructions to apply to pre-production which we test against copies of our data and then move in to our production environment once we understand what the changes are and how they affect things. Thus we build up a fundamental knowledge of how things work and how to fix things when they are broke rather than ring up an external support consultant when he is on the beach in Barbados to rerun a failed SQL data import as none of the Application Support team knows how to do it, yes I agree perhaps they should be renamed Application Receptionists as all the seem to do is forward calls to the developers.

We have even shipped our production data to developers on a hard disk to test against. Am I the only one who sees this as something wrong?

I battle daily for order, structure, clarity and common sense in IT, the above examples help to strengthen my case and it is becoming more accepted further up the food chain, though I suspect it will be several years and few more bumps before we reach nirvana.

Comments

Post a Comment

Popular posts from this blog

Scripting DNS entries

For reasons to do with DR we needed to change our IP addressing scheme, either for our servers or for our PCs and printers and what not. Obviously changing PCs and printers was a whole lot easier due to the possible issues of inept developers’ hard coding IP addresses causing no end of problems with re-addressing the servers. This has entailed changing all the DNS entries for our printers, (whatever happened to the paperless office?) That in itself is no real challenge, they all have web interfaces so a quick connect and amend the setting then next printer. Updating the DNS entries was going to be a bit tiresome so I did a quick Google on how to do this with a script and up popped DNSCMD. You can run this from a CMD box on your PC, the main options you need to know are /recorddelete and /recordadd. To delete a record you simple need to type dnscmd <ServerName> /recorddelete <ZoneName> <NodeName> <RRType> <RRData>[/f] What does all that mean? Well i
Read more

Enterprise Vault - Failed Exchange Task

Here's another weird one. Enterprise Vault, we use this for e-mail archiving. It does a reasonable job. Probably no better or worse than any similar product. A couple of days ago I noticed that there was warning that it hadn't archived anything from one of our mailbox servers for a couple of days, not big issue as there is just a couple mailboxes on there as it used for testing at the moment. I had a look at the associated task and it was stopped. Started it and it failed. Error in the event log looked something like below The Task 'Exchange Mailbox Archiving Task for EXCH' failed to log on to Exchange server 'EXCH' using mailbox 'SMTP:EnterpriseVault@symantec.local'. Please ensure the mailbox has not been hidden, that the server is running and that the Vault account has sufficient permissions on the server. I went through every conceivable setting in AD, EV and Exchange trying to work out what had happened and why it wasn't working on thi
Read more

Windows Phone to iPhone - a painful transition

Windows Phone died a death due to a whole heap of incompetence from Microsoft.  My phone was an old Nokia 925, about 4 1/2 years old and bought and paid by my company. There were always low requirements for company phones, if it rung and you answered it, all was good. Then Hangouts reared its head (Google want to destroy MS, so WP support) but third-party support gave a stay of execution. The final nail was a requirement for out of hours support software that had no app for Windows Phone. I had to be “downgraded” to an iPhone 6s (yes, it is a low spec 2 version old iPhone, better hardware than my 925 but not really up there as a current version, how my company loves their staff, buy expensive crap rather than cheap crap). Stuff that just worked on my old phone, now needs 'me' to be re-engineered to work the Apple way.  This is only slightly less bad than the Google eat all your life and sell it back to you way, but it is like stepping back in to the 1990s Microsoft way
Read more