I'm not saying all IT workers are stupid but...

[IronWing]

We have a system at work that requires a login name and password. If the database backing the system goes down there is nothing on or before the login screen telling the user of the system status. If you try to login when the system is down it reports a user name/password error. If you try to login three times it locks you out. That you are using the correct username/password avails you not. Then IT sends out nastygrams about the help desk being overloaded with account reset requests.

Cliffs
1) System down - no system status offered
2) Login screen still active
3) Users try to log in - fail
4) Login failures tracked and users get locked out

 

[Gunslinger08]

It seems like if you're using FBA (un/pw stored in a database), the failed attempts and lock out should be stored in the database as well. Doesn't make sense to me why the lockout would still happen. Sounds like the solution isn't architected very well.

To display an error before the login attempt would require them to run a general query (ex. Select getdate()), catch any exceptions, and display the message if it bombs. I've never seen this done though.

 

[Fritzo]

It seems like if you're using FBA (un/pw stored in a database), the failed attempts and lock out should be stored in the database as well. Doesn't make sense to me why the lockout would still happen. Sounds like the solution isn't architected very well.

To display an error before the login attempt would require them to run a general query (ex. Select getdate()), catch any exceptions, and display the message if it bombs. I've never seen this done though.

They may be using a radius system for authentication. This is common as attributes and access to systems can be easily given from a central location rather than having to manage accounts on multiple servers.

The problem being described may one of those "we know but there's no way around it without re-engineering the whole system" problems. I deal with a few of those myself.

 

[SpatiallyAware]

This crap is generally indicative of issues with the IT manager/director, not the the staff.

Personally, I blame the president/owners for stuff like that. They either didn't hire the right IT manager or they aren't managing him appropriately.

 

[mikeymikec]

(started writing this post after joshsqual posted) I agree with joshsquall. It sounds to me like something crazy is going on like failed attempts are stored at the client end, which would be laughably insecure and pointless.

A less crazy but still (at face value) silly possibility is that login attempts are stored in another database which isn't down. Surely the process of logging in should be serial though, even then:

1 - User sends login attempt
2 - Database of login details processes the login
3 - Result of login is posted via code controlling front end to login attempt database

If step 2 fails, then the process doesn't continue. I suppose that another possibility for the process could be that if step 2 fails, it proceeds to step 3 (not sure why it would be a good idea though) and also records a login return code, and if that return code is "login details database is down", then it doesn't count towards the number of consecutively failed login attempts.

Anyway, I would have thought that if the database was down, an error would be thrown at the client to say "unable to connect to database, please contact IT admin" or something similar.

What sort of system is it, a web-based front end or a front end app?

 

[unokitty]

My work email password expires every 60 or 90 days. (Can't remember which...)

If I try to access email from home after the password has expired, it doesn't give an error message. It just tells me that my password, or login id, is wrong. And off course, it doesn't allow me to reset the password from home.

Our IT department, firmly convinced if they could just get rid of all of the users, they could finally get some work done!

One mitigating factor, I like almost all of our IT guys. But they don't seem to be very well managed. And their departmental decisions don't seem to be based on very good information.

Despite the fact that many of our IT guys seem to be very bright, many of the systems that they have created seem obtuse. Of course, they don't standardize the application interfaces...

And their published processes are out of date. Standard response being "Thats not my job..." My favourite was the fellow that updates our DNS zone file. A few years ago, I built a grant funded web server and needed it added to our DNS zone. The published process was dysfunctional (didn't work -- no responses.) When I would call the fellow in charge of updating the zone, he would always answer his phone by saying "You're not supposed to call me..."

Though, he was a good guy and did hook me up eventually.

Of course, it doesn't help that I need multiple passwords to access different systems.

Its an interesting system where the formal processes rarely work. Though, with a bit of luck, informal processes seem to work...

Uno

 

[Vdubchaos]

This crap is generally indicative of issues with the IT manager/director, not the the staff.

Personally, I blame the president/owners for stuff like that. They either didn't hire the right IT manager or they aren't managing him appropriately.

Agreed

low end folks are just stuck with the stupid decisions that are made up top (without ANY consideration for end result, how, why or ANYTHING).

 

[Ghiedo27]

Try looking at it from the other side. The login clearly isn't working and 70% of the users go ahead and keep typing their password in until they're locked out. Now they're still working on getting the server up and they'll have a long queue of password resets to work through afterwards. So yeah, they might just send out an email about users being more aware about login procedure.

 

[pontifex]

Agreed

low end folks are just stuck with the stupid decisions that are made up top (without ANY consideration for end result, how, why or ANYTHING).

exactly. the people you are talking too have no power or make no decisions on what gets used or what gets changed. they can bring it up, but depending on the manager or other higher up people, it may never get changed.

 

[Brovane]

Try looking at it from the other side. The login clearly isn't working and 70% of the users go ahead and keep typing their password in until they're locked out. Now they're still working on getting the server up and they'll have a long queue of password resets to work through afterwards. So yeah, they might just send out an email about users being more aware about login procedure.

3 incorrect tries isn't very much. The way it is described is that the user could think they are typing in the wrong password and with 3 in-correct tries you get locked out.

 

[JeffreyLebowski]

There are no warnings because as shown time and time again, users ignore warnings and complain when something you told them doesn't work, doesn't work when they try it.

The moral of the story is end users will always find something to complain about, so why go out of your way to set something just so they can complain about it.

 

[SpatiallyAware]

There are no warnings because as shown time and time again, users ignore warnings and complain when something you told them doesn't work, doesn't work when they try it.

The moral of the story is end users will always find something to complain about, so why go out of your way to set something just so they can complain about it.

Are you managing the OP's IT functions? Kinda sounds like it...

 

[CVSiN]

This is funny because us IT workers think the users are brain dead CHUDs.

But in this case if no user could log in your IT dept and your infrastructure designer are both morons..
always have redundant AD DCs and this would never happen in the first place. the chances of BOTH or more Domain Controllers all being down at same time is slim to none.

 

[Zargon]

3 incorrect tries isn't very much. The way it is described is that the user could think they are typing in the wrong password and with 3 in-correct tries you get locked out.

industry standard practice.

This is funny because us IT workers think the users are brain dead CHUDs.

But in this case if no user could log in your IT dept and your infrastructure designer are both morons..
always have redundant AD DCs and this would never happen in the first place. the chances of BOTH or more Domain Controllers all being down at same time is slim to none.

yes this system sounds like fail, and it doesnt sound like AD, because well, you would get a 'could not contact DC' error

I'm not saying all IT workers are stupid but...

well thats a good thing because it would make you look pretty stupid

 

[Markbnj]

There are no warnings because as shown time and time again, users ignore warnings and complain when something you told them doesn't work, doesn't work when they try it.

The moral of the story is end users will always find something to complain about, so why go out of your way to set something just so they can complain about it.

Assume you're trolling. End users are like a force of nature: they get on a system and do hundreds of random things no programmer thought of. That's why we have beta testing. End users catch crap we missed. The OPs system is designed to cause problems by essentially funneling users down a workflow where their account will end up locked. It's horribly designed and implemented, period.

This isn't rocket science, and just about every developer knows the right pattern to implement for this specific use case. So I agree with the poster above who said they were probably dealing with a constraint from another authentication system they don't control.

 

[unokitty]

The moral of the story is end users will always find something to complain about, so why go out of your way to set something just so they can complain about it.

Must be tough. Providing support for people you don't respect. Fortunately it doesn't appear that that situation isn't likely to continue. For example:

"In the long run, the IT department is unlikely to survive, at least not in its familiar form," .... "It will have little left to do once the bulk of business computing shifts out of private data centers and into the cloud. Business units and even individual employees will be able to control the processing of information directly, without the need for legions of technical people."

From, The IT department is dead

Article about a book from the author of "Does IT Matter".

The future. Its not looking like the past.

Uno

 

[theevilsharpie]

"In the long run, the IT department is unlikely to survive, at least not in its familiar form," .... "It will have little left to do once the bulk of business computing shifts out of private data centers and into the cloud.

lulz

 

[ImpulsE69]

My work email password expires every 60 or 90 days. (Can't remember which...)

If I try to access email from home after the password has expired, it doesn't give an error message. It just tells me that my password, or login id, is wrong. And off course, it doesn't allow me to reset the password from home.

Our IT department, firmly convinced if they could just get rid of all of the users, they could finally get some work done!

One mitigating factor, I like almost all of our IT guys. But they don't seem to be very well managed. And their departmental decisions don't seem to be based on very good information.

Despite the fact that many of our IT guys seem to be very bright, many of the systems that they have created seem obtuse. Of course, they don't standardize the application interfaces...

And their published processes are out of date. Standard response being "Thats not my job..." My favourite was the fellow that updates our DNS zone file. A few years ago, I built a grant funded web server and needed it added to our DNS zone. The published process was dysfunctional (didn't work -- no responses.) When I would call the fellow in charge of updating the zone, he would always answer his phone by saying "You're not supposed to call me..."

Though, he was a good guy and did hook me up eventually.

Of course, it doesn't help that I need multiple passwords to access different systems.

Its an interesting system where the formal processes rarely work. Though, with a bit of luck, informal processes seem to work...

Uno

Much of that falls more on the company itself than the IT people or IT management. There is usually a lot of crazy politics and red tape to get ANYTHING done. They don't always go with what would work best for the company or easiest on the employees but instead what is best for their wallet because THEY don't have to support it. Since I moved to a rather large company, I have found this to be the case 99% of the time. They just don't want to spend the money to get it done right. That being said, there are many things people do that engineers and architects never think of. We run into that all the time with vendors, saying "hey why can't we do it this way, it'd be much simpler?".

What I find surprising is that in this day and age the number of people who use computers for work day to day and don't know their basic functions beyond checking their email and FB status.

 

[unokitty]

Much of that falls more on the company itself than the IT people or IT management. There is usually a lot of crazy politics and red tape to get ANYTHING done. They don't always go with what would work best for the company or easiest on the employees but instead what is best for their wallet because THEY don't have to support it. Since I moved to a rather large company, I have found this to be the case 99% of the time. They just don't want to spend the money to get it done right. That being said, there are many things people do that engineers and architects never think of. We run into that all the time with vendors, saying "hey why can't we do it this way, it'd be much simpler?".

What I find surprising is that in this day and age the number of people who use computers for work day to day and don't know their basic functions beyond checking their email and FB status.

I don't disagree. But everything you say was also true 32 years ago when I got my first job as an IBM Systen 370 Model 158 computer operator.

Then and now, many large organizations employed bureaucratic and dysfunctional decision making processes especially when it comes to capital expenditures.

This is complicated by the fact that capital intensive projects are planned, and funded, from the top down. Yet, computer projects, for the most part, are built from the bottom up.

From an organizational perspective, saying that the users are dumb or doing unexpected things ... well, my experience is that that excuse didn't work to well 32 years ago. Why should it work now?


What Professor Carr is saying is that 32 years ago organizations didn't have a choice. But now they do. And they are finding it advantageous to move from having their own IT backend to the cloud.

Why would you want to generate your own electrical power, when you can buy it from the electric company without having to make a heavy capital investment?

Why would you want to have an IT infrastructure full of people that think that users are losers, when you can just pay a cloud supplier? And every year, you have a savings in your organizational budget from all of those salaries that you have eliminated.

Every one has a different perspective, but the Professor has a point. And the cloud is not going away.

Uno

 

[Zargon]

I don't disagree. But everything you say was also true 32 years ago when I got my first job as an IBM Systen 370 Model 158 computer operator.

Then and now, many large organizations employed bureaucratic and dysfunctional decision making processes especially when it comes to capital expenditures.

This is complicated by the fact that capital intensive projects are planned, and funded, from the top down. Yet, computer projects, for the most part, are built from the bottom up.

From an organizational perspective, saying that the users are dumb or doing unexpected things ... well, my experience is that that excuse didn't work to well 32 years ago. Why should it work now?


What Professor Carr is saying is that 32 years ago organizations didn't have a choice. But now they do. And they are finding it advantageous to move from having their own IT backend to the cloud.

Why would you want to generate your own electrical power, when you can buy it from the electric company without having to make a heavy capital investment?

Why would you want to have an IT infrastructure full of people that think that users are losers, when you can just pay a cloud supplier? And every year, you have a savings in your organizational budget from all of those salaries that you have eliminated.

Every one has a different perspective, but the Professor has a point. And the cloud is not going away.

Uno

and who runs the cloud?

oh yeah, an IT department

LOL at "individual employees will be able to control the processing of information directly, without the need for legions of technical people"

the relational database will die soon after as most people have no idea how to sort or input anything

 

[unokitty]

and who runs the cloud?

oh yeah, an IT department

For most companies, IT services are a cost. Consequently, their IT departments are prime candidates for outsourcing.

For a cloud company, their product is IT services. Consequently, their IT department is a source of strategic advantage. That is, it is a resource that is vital to the success of the company and will never be outsourced.

The difference may seem to be subtle. But it can be the difference between being laid off and having your budget increased.

For example, the people that run the mail servers at compass point state college are a cost and can easily outsourced. In contrast, the people that run the mail servers at Google are strategic and won't be laid off.

You can say that both people provide IT services. But because they are strategic, the IT people at Google have a relatively secure future. The IT department at compass point state college, not so much.

You're free to think differently... But I still wouldn't bet against the cloud.

Uno

 

[alkemyst]

this thread is stupid.

 

[Zargon]

You're free to think differently... But I still wouldn't bet against the cloud.
Uno

Not everything is easily outsourced nor should everything be. That doesnt mean it wont be of course.

But any place of a decent size is going to need atleast basic IT staff to run smoothly. I've seen places outsource pretty everyone, and the few behind spend most of their time on the phone with said vendors.

and everyone gets slow service on it....

 

[StinkyPinky]

For most companies, IT services are a cost. Consequently, their IT departments are prime candidates for outsourcing.

For a cloud company, their product is IT services. Consequently, their IT department is a source of strategic advantage. That is, it is a resource that is vital to the success of the company and will never be outsourced.

The difference may seem to be subtle. But it can be the difference between being laid off and having your budget increased.

For example, the people that run the mail servers at compass point state college are a cost and can easily outsourced. In contrast, the people that run the mail servers at Google are strategic and won't be laid off.

You can say that both people provide IT services. But because they are strategic, the IT people at Google have a relatively secure future. The IT department at compass point state college, not so much.

You're free to think differently... But I still wouldn't bet against the cloud.

Uno

As someone who actually works at a college...I can tell you that there is no way that the IT Dept here is in any way under threat from the "cloud". In fact, the more gadgets and gizmos we get the more busy we are.

I suppose you're one of those people that thought emails would end our reliance on paper?

 

[Zargon]

plus the new thing is the private cloud

which is ya know, a cloud you run in house at geodiverse locations as one big cloud, for you