Tuesday, December 18, 2012

troy and elephants

Recently we have been receiving many emails about security vulnerabilities in internet facing websites, almost every day, which resembles the story about 5 men describing what the elephant is like based on touching the ear, trunk, leg, body, tail.


Email 1: please ensure that all internet applications have proper security.

Email 2: please ensure that all vendors check their applications to ensure that there are no vulnerabilities.

Email 3: please conduct your own security tests before monitoring them because any high risk alert detected will be a big issue. 

Email 4: please make sure all vendors are prepared for the xxx scan exercise on auspicious-date. 

Email 5: please make sure applications are secured against sql injection attacks. 


The worst case scenario is if this elephant is role playing the horse in the invasion of troy. Meanwhile we still will be preoccupied with elephants.

Wednesday, December 5, 2012

recent ramblings on how i talk with common sense

Individual applications need to raise their own SR (service requests) to check their connectivity to the mail server. That was what my colleague told me when I asked whether the connection to the new mail server resolves the email sending problem, he said it didn't resolve his problem, and even though the firewalls have been cleared, individual applications (read: servers) need to raise their own SR to check that the firewall is indeed cleared.

Huh? I was stunned. My colleague gave me a frustrated look and said that he had been arguing with the network guy to no avail, and arrived at this arrangement, so I went to talk with the network guy.

Me: Why do I need to raise 5 people to raise 10 SRs to check the connectivity to 1 stupid mail server?
Network guy: Because each server is different.
Me: And so you mean the firewall clearance is different for each server hence require a different SR to test?
Him: Technically yes.
Me: It's a waste of time. Did you raise 10 requests to clear 10 IPs and ports to 1 stupid mail server? No right? You combined all into 1 request, so why is it now my job to ensure that your firewall request is done, and by that I mean having to test the connectivity for each server to the mail server?
Him: It's ok, I will do it.
Me: Ok good.

I went back to my colleague and told him the network guy said he will do the connectivity test for all the servers. He was flabbergasted because he felt like he wasted his time raising the SR for his own application. That was a few days ago.

Today the infra guy (not the network guy) sucked a good few hours of my time trying to convince me that his technical specifications for a project were sufficient. At first I told him just stating the server model and RAM (memory) is not enough, and the specs are too low for me as well, after 2 days, he came back with revised specs, slightly better, with more information, but still no OS (operating system) information.

Me: So if the vendor gives you unix will you take?
Him: No.
Me: Why? You didn't say you don't want unix you know?
Him: They should know we use windows.
Me: Why should they know when you didn't say?
Him: It's implied that we use microsoft products, so they should know we use windows server.
Me: I can use microsoft products, but my DC (domain controller) is unix, right?
Him: Yes.
Me: So is writing windows server important?
Him: Let me think about it.
Me: What if they tell you they want to install a unix DC because in your specs you didn't say you already have a windows DC? Will you let them install?
Him: No.
Me: So? Are you going to write that you are using a windows DC?
Him: We don't write this in specs normally, let me think about it.
Me: You can think, but I want it in.

No moral of story, just ramblings.

Friday, November 16, 2012

having committee meetings in my head everyday

What I like about psychological tests is that despite all the generalisation, and how unique I feel I am, I still feel that it describes me. My team recently did an assessment on our emergenetics profile and mine says this:

She has two thinking preferences (Analytical and Structural) from the "left brain" and one (Social) from the "right brain". This gives her brain a slight bias for the logical and rational over the intuitive and inspired. She has two thinking preferences (Structural and Social) that are concrete and one (Analytical) that is abstract, giving her concern for details and practical matters a slight edge over theorising and speculating.

The gift of the tri-modal thinker is the ability to empathise with other ways of thinking. She can understand nearly anyone. She can be a catalyst or a facilitator in a group and help promote understanding among the team members.

The stress of having this profile comes from being "Jack of all trades but master of none." She is not always able to sort out her thoughts or feelings about an issue, all sides of the issue make sense. Most likely, making a decision is difficult and time-consuming. As one tri-modal explained, "My brain needs to weigh all sides of the question. It's like the committee has to meet, and sometimes the committee fights with itself!"

It really describes how I feel every day - having committee meetings in my head every day. It's amazing how it happens, and nobody can really imagine how it feels unless one experiences it first hand. It is very tiring to listen to internal debate every day, and it increases proportionally with my work (read: issues that I have to resolve). I am always the last tower in tower defense terms and I always need to try to influence others to position myself as early as possible in the game and yet still be able to cover the back. Sometimes I see myself as playing 10 boards of chess concurrently every day. When I was younger, I used to suspect I had a minor split personality disorder. After reading a bunch of literature, I conclude that I wasn't because split personality disorder people are not conscious of the different personalities. I even thought that maybe I was possessed by another being because it became very scary when I had the whole scene visualised in my brain before I actually see the sequence of events happening - everything happens according to what I plan. As I grew older, I started to accept that it's just the way my brain works, and used this gift to help others understand themselves better, and lead happier lives.

Wednesday, October 31, 2012

lessons on interrogation

Today we met up with our vendors to resolve a 1-month old problem, SMTP set up. The last part of the saga was when I went around asking people how they configured their SMTP settings (because I haven't done it before), and also googling and reading how to send SMTP commands, only to have people asking me, "why isn't your vendor doing this for you?" "you are the first person I know who helps their vendor do such things" "why are you helping them?"

Simply because I didn't have a choice. The user calls me every 2 hours the past 2 days to ask me how to resolve the issue, saying that all the web forms must work and the vendors are saying that the web forms can't work without SMTP, and she has promised her boss that the site will be live this friday. After I passed all the information I gathered to the guy, he still said he couldn't get it to work. His boss said that this is an environment factor that is beyond their control, and if we are unable to provide them with settings that work, then they are unable to do anything.

The problem sounds simple. The vendor insisted that we need to give them a username and password to access the SMTP server. The SMTP server works on an unauthenticated mode, meaning no username and password required. I had 3 other systems sending emails through the same SMTP server and all did not need to authenticate with a username and password. Eventually, I sent the question to the helpdesk managing the SMTP server, and we are still waiting to solve the mystery.

That aside, I couldn't understand why the web forms couldn't work if we couldn't send emails. The web forms were storing the data submitted into a database, and the email part was to notify the webmaster that someone had just sent a feedback. They had been explaining and explaining for the past 2 weeks, but I couldn't understand until today, when I asked them, if I don't have any email available, what will the error message look like?

It turned out that the error message misled us into thinking that the form wasn't working! OMG. The error message was "we encountered a technical difficulty in submitting the form". When I asked what other error messages he had, he said "we encountered a technical difficulty in saving the form". It was then that it suddenly became clear what the problem was. The forms were saving data into the system, but the notification portion wasn't working, so if we just change the "error message" to "thank you", the user who submitted the feedback will not think that it is an error, the feedback is still captured in the system, and the only thing is the webmaster will need to log in to the system to retrieve the data.

You can just imagine the users' reaction when this was revealed to them. What initially was on a critical path of failure turned out to be something not critical, and all we needed was someone to take the problem apart.

Monday, October 29, 2012

really serious troubleshooting business

I was troubleshooting a 5 month old inconsistent and intermittent problem earlier because I had been relying on the vendors and the issue had not reached the fire-on-the-backside stage.

The problem was easily resolved in 30 minutes after I figured out the 10 lines of shell script that was fetching the files from the ftp server. I would not have been able to write the shell script from scratch, but I guess I have a good translator in my head.

Before that, 2 external and 2 internal data centre server administrators, 5 application vendors, infra manager, and myself, were all unable to resolve the problem. Just 2 weeks ago, the server admin was asking the infra manager why he is taking so long to solve the problem. The server admin was telling the application team that their code was wrong, the files need to reference the root instead of the sub folder. The application team blamed the script for not copying their files properly. I wasn't contributing constructively by chasing the application vendor for status updates as well.

11 people involved. What a joke, all I did was to tell the shell script to read from the sub folder instead of the root, but to be able to troubleshoot the problem, the person needs to understand shell script and html, which sounds like common sense, but I guess the stars were not aligned.

Wednesday, September 26, 2012

the account locking mystery

It started last monday 10.40 am when a user notified me that scampoint was down. We did the usual checks, but it was the first time we encountered the symptom - scampoint admin account was locked out, and irregularly, sometimes 30 seconds, 1 minute, 5 minutes, 10 minutes, 30 minutes, finally stopping at 2 pm. 5 pm it started, locked out a few times and stopped at 6 pm. For the whole day we were checking the various logs, and well... nobody could identify the problem. The application administrator, server administrators, application support vendor. The source IP locking the account was the scampoint server itself.

Tuesday was peaceful. We did a reboot of the servers just to make sure. The server administrator was telling me that the application administrator doesn't even know how to troubleshoot the problem. I told him, administrators are like operators, and if they can do troubleshooting then they are better than others, like himself, he is a server administrator, but he helps us troubleshoot our scampoint issues sometimes. So that was a psychological nudge that I was passing problems to him.

After spending 2 days thinking, I asked these guys what they thought of my speculation, that it's a human triggered action, because it only happened during office hours, has irregular occurrence, and anybody who tries to log in with our user name will lock us out with the wrong password, which is so easy to find out because our admin account name appears all over the place, if you know how to look. What I could think of was just typing a wrong password for a particular user name will lock the user out. Everybody was still clueless, so I escalated to their infra manager, i.e. my infra guy, to ask him for ideas. He told me that it was impossible to prevent an account from getting locked out.

I went back to the administrators to tell them that we will be on our own so I asked the server administrator whether he could write us a script to automatically check our account every minute and unlock it if it is locked, and then send an email notification. His incentive was to feel satisfied that he has contributed to improving the productivity of the team, have lunch in peace, and not having to take turns to monitor whether the account got locked, else we will all have to write an incident report because the intranet is down when everybody is out for lunch. He was helpful enough to agree, and that took some stress out of our plates. My agreement with him was that it's just to help us save time to solve other issues until we can think of something for this issue. Today we had about 10 burning scampoint issues on hand. One of those days where it feels like I am defusing a time bomb, and I cannot make any mistake. The scampoint administrator is already quite stressed out and tickets are piling up.

Luckily for today, the account locking happened 3 times between 10.10 and 11 am, and for the rest of the day it was fine. I was trying to reproduce the problem, but couldn't, this is just self-affirmation I won't pass as a hacker. Thanks to the guy who told me it's impossible to prevent the account from getting locked out, I turned to my friends, and one of them suggested that I lock down the account. I was so glad that he had been thinking about it for 2 days too! So we will try that tomorrow and if it works, we may never know what caused it, and it may be a pity not to know the answer to the mystery.

Tuesday, September 18, 2012

who wrote it?

Me: [addressing question to vendor project manager] why was this sentence written this way?
Vendor project manager: Hmm, I didn't write this, I am not sure.
Me: Who wrote this paragraph?
Vendor project manager: [vendor technical director] wrote it.
Me: [addressing question to vendor technical director] why was this sentence written this way?
Vendor technical director: I don't know why it was written this way, I didn't write this.
Me: Who wrote this?
Vendor technical director: [vendor project manager] wrote it.
Me: When? [vendor project manager] said he didn't write it.
Vendor technical director: he typed it after the meeting he had with your team.
Users and I all burst out laughing.

Friday, September 14, 2012

strangleton

I am usually patient, calm and good, but when I am sickish, or lack sleep, I become aggressive and any one who annoys me makes them a strangle-ton, adapted the word from singleton.


Me: have we settled the outstanding issues with the user?
Vendor: yes, we have already explained to the user that it cannot be done and customisation effort is required.
Me: and the user agreed?
Vendor: yes, the user agreed to have it in phase 2.
Me: there is no phase 2.
Vendor: yes, there is no phase 2
Me: if we make this application too difficult to use, they won't use it and we don't need to think of any phase 2.
Vendor: yes correct.
Me: the users asked for a breadcrumb trail, why can't we give it to them since it's out of the box?
Vendor: because we didn't give them rights to open the root level folder so the breadcrumb trail doesn't work.
Me: why aren't you giving them rights to the root folder?
Vendor: because giving them rights to open the folder means they will be able to see the files and delete.
Me: can't we just don't give them rights to delete those files?
Vendor: no, because we don't want to break inheritance, and they have delete rights at the root.
Me: what are these files at the root folder?
Vendor: system files, the application pages that the user needs to use the system, that's why we cannot allow them to delete.
Me: why do you store the system files with the user files?
Vendor: because we only used one document library for our applications.
Me: how hard is it to separate the system and user files into two document libraries?
Vendor: it's a simple change of configuration.
Me: then can we do that and give users the breadcrumb?
Vendor: yes
Me: we need to give the users as much productivity features as much as it is within the cost and scope and breadcrumbs is there, and we will be short changing them by your (lousy) application design.


Me: now to the next issue. Why are you telling users to move files one by one instead of using the file explorer bulk moving of files functionality?
Vendor: because we only allow admin to delete/move files in bulk. Users are not admin, so they can't use the function, that's a requirement.
Me: but there is still an option for the user to move files via file explorer.
Vendor: they won't know because we didn't tell them.
Me: they are intelligent people and you think they won't know just because you don't tell them?
Vendor: yes
Me: can we tell them that they can use it?
Vendor: no, they are able to delete files in the file explorer when they don't have rights, but if they use the application they will not be able to delete.
Me: that's a breach of the security model of the product, are you sure you can delete?

His colleague explained to him that the user can click delete but if he refreshes the window, the file will still be there because he only deleted his local cached copy.

Vendor: there is another thing, if they delete from the file explorer there is no audit trail.
Me: audit trail for file explorer is an out of the box feature, why isn't it in the audit trail?
Vendor: because we customised the audit trail so there is no audit trail at the file explorer because we didn't want users to use that function.
Me: since you have already customised the audit trail, there is not much we can do for that, but tell the users that if they use the file explorer to move files, it will not be captured in the audit trail. I don't want the users to use the file explorer and then report the audit trail not capturing the move as a bug.
Vendor: ok.
Me: so think about how you want to tell the user everything we have discussed and we will meet the user next week.

Well the positive side of it is that I know we should be able to sign off the system next week after these issues are resolved. The bad part was to the user I took 2 weeks to get round to this because firstly, the vendors were supposed to be closing all the issues, and secondly, because I was away from work due to yaya's teacher's day school holiday, yaya's HFMD, 1-day course, my own body hibernating, my more ferocious users hunting me down immediately on my return, and of course the 10 chess boards that I rotate playing everyday. Another vendor I met today thought that I only have 1 project with them. Isn't that what every user thinks too? that they have tonnes of work whereas we are idling somewhere escaping from all the work. haha.

The trick is similar to multiplexing, getting the right sampling frequency of the user, and always appearing at a particular frequency to make them feel that you are full time with them, and always there for them, when you are not. And like in networks, you need to have a range of bosses/users/vendors with different frequencies, so that you don't miss any packet. If they have the same frequency, then we need to double the sampling frequency. Ok digressed too much, the multiplexing bit was just a friday crazy bit, can't really be applied at work, there is no trick. Just pure brain juice being used to play 10 boards of chess concurrently. It helps if your opponent is 10 times slower than you are.

Saturday, September 1, 2012

manual work rocks

This happened yesterday, a friday. My colleague asked me to attend her migration meeting at 4 pm but I told her I wasn't free. My phone rang at 5 pm, she asked me to go her meeting because there is an issue. So I went and it was over in 10 min.

Me: what is the issue?
Vendor 1: our migration service request only covers exporting of data to DVD but not importing.
Me: why not import?
Vendor 1: because there is no way to import a data table with attachments.
Me: so how is it supposed to be done?
Vendor 1: you will need to import the spreadsheet first, then manually attach the documents back one by one. It is not in our migration scope to do it. Users are also not going to do it.
Me: and why must I be the one doing it?
Vendor 1: that's the issue now.
Me: do you have any unique identifier to link the data row and attachments?
Vendor 1: no, you need to look at the title.
Me: how is the folder structure going to be like in the DVD?
Vendor 1: just 1, 2, 3, 4, 5, ...
Me: how do you get those numbers?
Vendor 1: we drag out one folder at a time, manually, the numbers are system generated.
Me: if the system has the number, can you export it out to the spreadsheet?
Vendor 1: yes.
Me: if you have the number, then you can create a link to folder containing these files. We just upload all these numbered folders into a folder.
Vendor 2 (vendor 1's boss): oh...
Me: do you understand?
Vendor 1: we can't link to the folder.
Me: we manually pre-fix the URL to the root attachments folder to those unique numbers.
Vendor 2 explained to vendor 1 because he couldn't understand. At this point, the users already understood.
Users: we will use this method.
Vendor 1: we will just give you the spreadsheet and DVD and there will be no links to the attachments.
Me: nevermind, I will show you how to do it when the time comes.

He must be still lost, but I think his boss should be able to explain to him. I really don't know how they survive as vendors to be recommending manual work. Actually I don't really have any business in this, but that's how my work is.

Tuesday, August 28, 2012

we don't seem to be hitting the right notes

Recently, when the PM announced the many possibilities that his ministries will be working on to boost the birth rates, it was active action of hitting the keys on the keyboard, but the tune didn't sound nice, just like how we complain about the national day song these days being no match against the national day songs from two decades ago.

There are many facets to the birth rate problems. The more obvious ones are money, time, job security, spouse support, grandparents support, maids, car, preschool, quality of life, standard of living, ...

If we drill down to the blocks of life, what every man wants from life, it's happiness. When we use happiness as the guiding principle, we will be able to see more problems beneath the visible problems.

Firstly, happy people will breed happy people. If the person doesn't feel happy with his life, not necessarily unhappy, he will ask himself why will he want to bring to life a child who will feel the same as him, if not worse.

Secondly, successful people breed successful people. A successful person will feel happier than an unsuccessful person. Those who are unsuccessful and say that they are happier because they are unsuccessful are living in self-denial. Our capitalist society has made us all very competitive. After going through ranking exercises in schools for tests and exams, we go through more ranking exercises at work. It breeds a majority population with low self esteem, and a minority population with high ego. Those who are constantly trying to climb to the top will eventually conclude that having children will add more burden to whatever burden they already have. This burden could be in the form of not working hard enough to reach the top.

Thirdly, high cost of living is a self-fulfilling prophecy. Everybody around you talks about how expensive it is to raise kids - milk powder, diapers, medical, childcare, tuition, enrichment, insurance, school fees, university fees. Over time, you think that that is the "normal" lifestyle, and when you try to adopt it, realise that it is really a high expenditure pursuit. This reduces one's life satisfaction index, and hence happiness. Innocently, having children implies increasing your already high cost of living.

Fourthly, over sensationalised balloting results in flat applications. People feel that there are not enough flats for everyone, hence being able to get a flat first is seen to be a big achievement, when it really is not. Going through all that trouble really makes people feel unhappier than happy. 

Fifthly, over sensationalised balloting scenarios in primary school admission. Parents even need to do volunteer work to get a chance to ballot for a slot in the school. This gives people an impression that there are insufficient primary schools in singapore, maybe it really is the case, but if it is not, creates that impression. However, I believe that there are insufficient schools that can meet the needs of the aspiring and competitive parents. When others see how grouchy parents become over just getting their child into primary school, they think that it's unlikely their children will be happy as well.

Sixthly, money makes people happy. Those who say that money doesn't make people happy are either filthy rich, or are being supported by donations. If you give someone $100 rebates, he is happier than his PR neighbour who didn't get it. If you give someone $10,000 in baby bonus, he is happier than the foreigner parent who didn't get it. So my point is, the bottomline needs to be raised, the individual needs to have that constant $100, or $10,000 appearing in his bank balance, so that he constantly keeps himself happy, instead of the government making him happy once in a blue moon, if not, only once in a lifetime.

Finally, I grumble once in a while that I have to spend ~S$20k/year on my little girl's childcare, medical, daily expenses. I haven't factored in my manpower cost to look after her, maybe make it cheap, S$10k/year. If I convert this into GDP, I am contributing an additional 30k/year to Singapore's economy. And I am convinced that the government wants me to spend a lot more, so that GDP continues an uptrend, just like their salaries.

Thursday, August 23, 2012

who will re-sign something unfavourable?

Yesterday I signed off the user requirements document for a project, then today, the vendor asked me to re-sign it.

Me: Why?
Him: Oh, because we made a change.
Me: What change?
Him: We brought the signed document back and our boss told us to add in a line.
Me: What line?
Him: That you will sign off the functional specs within a week of signing off the user requirements.
Me: No. I am not signing.
Him: But ...
Me: No.
Him: Our boss ...
Me: Just this week, trying to find a date to go through the functional specs with you yielded no dates. I will only agree to such a term if you can promise me that you have the full 5 days blocked out from your other projects, and we meet consecutively 5 days to clear this. We still have a lot of ground to cover.

In the end, he just said ok.

Friday, August 10, 2012

incident prevention and incident response

I had wanted to write about this for quite some time, but had never gotten the chance to type it out. In IT systems support/management, part of the maintenance phase is incident response and prevention. It's always in that sequence. The prevention bit normally comes as a mitigating measure after the incident has happened.

There was a JC class outing I had in 1999 where a group of us went to The Heeren, and wanted to take a group photo at the atrium area in front of HMV (it was HMV then). As it was quite late at night, 9 pm, there weren't many people around to help us take a photo, so we approached an idle-looking security guard who was standing outside HMV. He said no, I asked him why, he said it's his job to guard the gates - those magnetic gates at HMV that sound off alarms when someone tries to take an unpaid merchandise out. We looked for another person to take the photo for us.

In what happened in a blink of an eye, while we were gathering for a pose, the alarm sounded, the camera flash went off, and a guy was pinned down by the security guard whom we approached earlier, just beside the magnetic gate. Everyone gasped. Another security guard came over, helped to restrain the guy (a young malay boy by the way), and took the guy into a room. Before we could even move out of our formation, that same security guard was back at his original patrol position, and we didn't even notice when he moved!

After that incident, I had a very different perspective towards incident response. Hence I have a different approach to incident response for the systems I support/manage, I have hawk eyes on incident prevention. However, with resource optimisation, and optimising optimised optimisation, incident prevention is almost a non-existent scope of work. You are hired as the security guard to guard the gates, to control what goes in and out of your system, but instead of watching the door, it's likely that you are re-arranging a CD, or processing a customer's payment, or receiving a delivery, or helping a customer look for a soundtrack he wants, anything except standing at the gate, watching. As a result, any thief (incident), almost always escapes your eyes (avoid getting prevented), and becomes an incident (theft case), which you will then need to respond to. You then still have to stop re-arranging the CD, or stop processing the payment, or stop receiving the delivery, or stop helping the customer look for his soundtrack, and chase after the thief, in vain.

You then activate the other teams to help you trace that guy, and as you are on it, your boss will ask you to provide a regular status update on the situation, and it's likely that you won't be able to trace the guy (don't know cause of incident), don't know what he took (because it's not RFID, just magnetic strip due to cost cutting measures), and your boss still insists you trace the CD, so you end up having to do an ad hoc stock inventory, tally it against your point-of-sales system for the day (because the IT system doesn't have a report to handle such a scenario), and finally as a mitigating measure, you state that you need to be more vigilant in future, and it's weird if you say that, so your boss helps you say that.

That's why some people look idle, always idle (due to sampling frequency), and are deemed idle. While you are posing for a photo, he would have stopped an incident from happening, and returned to his idle position, without you noticing.

Sunday, August 5, 2012

what first words say about me

Recently yaya started to make more understandable sounds. She is 20 months now. Before that she babbles away and I can't make a word out of it. The first word she said was "stop", which should be one of the words I used with the highest frequency on her. She will stop just before the escalator and say "stop", and then raise both arms to wait to be carried. She will stop at the areas around our house, mainly the carpark entrances and exits, and where the roads are. But I am quite sure that she doesn't know that the road is where I want her to stop because when we are at other roads, she doesn't know that she has to stop. So I have started to train her to stop at traffic lights. She also stops on cue, when I tell her stop, she will stop doing whatever she is doing, or walking if she is walking. lol

The second word she said was "dirty", and I couldn't stop laughing when she kept repeating the word "dirty". She kept picking dirt up from the floor and then said "dirty". Our house is rather dirty, so I always scream at her, "dirty... don't touch" And it comes back to me like haptic feedback. She will also point to her wet diapers and say dirty, and then pinch her nose, which is the action for "smelly". The novelty stopped after a day though.

I have been very conscious with the words I use because I know that it affects what I hear from my mini boss. These two words show how I have been training her. "stop" is for me to stop her without having me to grab her. "dirty" is for me to tell her not to pick up rubbish from the ground. But when I say rubbish, she will pick it up and throw it into the rubbish bin. It's funny too. I wonder how her brain is associating dirty and rubbish now...

Friday, July 27, 2012

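Dao (the Way), virtue, benevolence, righteousness, propriety, wisdom, trust

Laozi, Dao De Jing, Chapter 37:
The highest virtue does not strive to be virtuous, and so it has virtue; the lower virtue never lets go of virtue, and so it has no virtue. The highest virtue takes no action and has no motive for acting; the highest benevolence acts, yet has no motive for acting; the highest righteousness acts, and has a motive for acting; the highest propriety acts, and when no one responds, it rolls up its sleeves and forces them. Thus when the Dao is lost there is virtue; when virtue is lost there is benevolence; when benevolence is lost there is righteousness; when righteousness is lost there is propriety. Propriety is the thinning of loyalty and trust, and the beginning of disorder. Foreknowledge is the flower of the Dao, and the beginning of folly. Therefore the great man dwells in the thick and not in the thin; dwells in the fruit and not in the flower. So he rejects the one and takes the other.
Laozi held that the higher virtue is close to the Dao and the lower virtue is close to benevolence. Those who found the world on the great Dao have virtue without speaking of it; those who take benevolence as their banner love to speak of virtue and often lack it. Taking nature as the root, the order from root to branch is: nature, Dao, virtue, benevolence, righteousness, propriety, wisdom, trust, folly, which is called the "model for the world".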
while we were discussing project requirements, suddenly someone talked about this... thought provoking when you try to apply this to your tender specs lol 

Tuesday, July 24, 2012

my obsession with the buddha

I had never read Buddhist books in Chinese before. I tried to read those free-to-distribute Chinese books, but not one held my attention. The books I had read before were all English translations and interpretations. From there I concluded that Buddhists do not believe in a god as creator, but was more a believer of existence and reincarnation of beings, each reincarnation cultivates the self to a higher order being. Buddha was hence a state of an enlightened mind. Nirvana was the heavenly realm where the scriptures call the after world, or literally translated from Chinese, western world. That has been the faith I had since 1999.

When I read a scripture in Chinese, I was surprised that there was mention of a god from whom we seek wisdom, but that god isn't Buddha. Buddha was usually interpreted as an enlightened state of mind. Some interpret the Buddha as an end destination. Some interpret the Buddha as a path free of material needs. Whichever the interpretation, it can't be too far from the truth, as we can see the monks all over the world believing in the same faith.

This moment, my interpretation of Buddha is life without material needs. This life co-exists with what we know as reality. Some believe that if we remove our material needs from our reality world, then the reality and Buddha world is one. Whether we choose to remove our material needs from reality is a choice. Some believe in giving away their wealth to help the poor as a gesture of removing material needs. Some see material needs as greed.

The reality is that we live in a material world where everyone, even monks, needs to eat, sleep, work for money. The monks work in the temple, teach Buddhist classes, and if their salary doesn't go to themselves, it's to the temple, to buy food for him to eat, to pay the utilities bills for his temple lodge, the chair he sits, the books he uses, the clothes he wears, so I feel that the whole chase for a life without material needs is purely symbolic than practical or purposeful.

Assuming a dualistic nature, and Descartes' 'I think, therefore I am', we will be able to come to terms with a material reality coexisting with a life without materials and at the same time experience the life without materials as reality. The concept of life without materials could be seen as reality as you feel it, moments where you are free from material needs such as your bed time, prayer or meditation time, a time where you feel in tune with the universe. It could also be seen as the spiritual realm/dimension that exists with the physical reality realm which we all convince ourselves to be living in.

Assuming a non-dualistic nature, then only one realm can be the reality, and the only way to achieve a life without material needs is to have a life without material needs.

I believe in duality. I live a life in the physical reality, and enrich my physical life with the insights gained from the spiritual realm. I can't remember what the actual words were in the book, but it was something along the line that says, the buddha is outside of you, but at work, it's with you.

And I am not a buddhist, I have multi faiths.

Tuesday, July 17, 2012

never trust old birds no matter how convincing they sound

I know I shouldn't be laughing at others, but I just found it a little unbelievable for a manager to not know how single sign on works. It started with an innocent question whether we can test single sign on on iPads because so far we have been testing on Windows machines. He said, with conviction, that there was no need to test because the login module is disabled after single sign on is enabled.

We were awe-struck. After explaining to him that the login module wasn't being disabled, he thought that the login prompt is something triggered by the active directory (AD), and after more explanation, he still said that there will not be any log in prompt. Windows authentication was an alien term to him; after we explained to him that Windows authentication is a Windows client to Windows server single sign on mode, he was completely lost.

Not laughing. Few months ago, I said something noob-ish. I always remember such moments because it sticks out like a sore thumb on my report card. The infra team could be bitching away over how noob-ish I was when I asked them to convert a database cluster from an active-passive mode to an active-active mode, but it was because this unbelievable manager told me that it could be done! I had learnt my lesson not to listen to what he says, because even Google is more reliable!

The road to a good reputation is to always verify my sources.

Thursday, July 12, 2012

a day of self discovery

Yaya adapted to her school within a week. She walks to her classroom by herself, doesn't even say bye bye to me in the morning! In the evening, she will obediently go home with me. She is in the childcare for 11 hours, Mondays to Fridays. I ferry her to and fro everyday as well. So far she has only been out of school for one day because of diarrhoea. The school washes the kids' hands every hour, so I would say I had a relatively stress-free life. (stress = yaya sick + i need to take leave)

Every night we repeat the same routine. Shower, eat dinner, sit around and watch us go about our household chores, then we will give her a milk bottle, leave her in her room, shut the door, and she will sleep. As yaya is now in childcare, as opposed to previously being at home, I am now able to focus better at work. When yaya was at home, she slept late, which made me more tired in the day. Now she sleeps by 9 pm, so I get more rest. So I am an advocate for childcare lol...

As she has been very obedient with her sleep routine, I had been able to do more reading at night. I realised that I had been a little outdated in terms of technology. Recently I had been reading up on Google Analytics and RSS feeds as I cannot understand the terms my users use lol. She knows Google Analytics and RSS feeds more than me, I felt that I had to keep up. I was also reading up on databases. In the past, I relied a lot on my DBA to tell me what I need to know, now I don't have that luxury, my DBA is a DBA, database administrator, not a database designer, not a database architect, not anything else, just an administrator who executes scripts, and day to day operational tasks.

It was only after 3 months that I managed to convince the infra guy to upgrade my database. 3 months ago, I complained that the memory usage is >70% and requires upgrade. He said it's no cause for concern, and it's due to settings. Fine, I let him change his settings, he insisted that we must monitor for 3 months, fine, I can wait, the moment 3 months was up, I asked him, so is it more than 80% now? He said, close, not yet 80%.

Work wise, more work, that's something expected. But what's new? Being told that I can still do my own work in my project's user requirements gathering sessions. I was quite pissed off when I heard that, but I am quite sure he wasn't thinking, as he is prone to that. It started with a very harmless question from my supervisor:

Him: How's your work now?
Me: Tiring. I spend an average of 2 half days every week on the user requirements gathering for the xxx project for the past 3 months.
Him: But you can still do your own work when you are in the meeting right?
Me: I wish! Not one time did I ever have that luxury, every meeting my user and vendor are arguing over the scope.
Him: Then what do you need to do?
Me: Decide what is to be done.

That was one week ago. This morning, one of my bosses asked me what type of work I do for my projects. I never really thought about it because my supervisor calls it operational issues, but he drilled down further to the specifics, that was when I realised that everyday I am always arguing with people because I was deciding what should and should not be done. For me, it is a very subconscious activity, I can easily tell people yes or no, to the extent where I feel that I am hired just to argue with people, but that's basically what I had been doing in my previous job as well, which I didn't realise, because it was so natural that I didn't know that I was making decisions.

Another point brought up this morning was that my bosses were talking about themselves "trivialising" work, e.g. saying a certain task is simple, or can be done very quickly. It never occurred to me that they were "trivialising", because I saw it as not paying attention to what's going on.

Once in a while, conversations like these make me discover myself.

Friday, July 6, 2012

the active directory login that wasn't

One of those things that frustrates me at work is not having enough time to go through the systems, simply because my job scope doesn't require me to understand the internal mechanisms of the systems I manage, and coupled with vendors of questionable quality, many problems never get solved.

I took over an application from a project manager (PjM) some time back, but I had never really looked into the system because it is a system that is only used in December every year. Last December I was helping her to troubleshoot problems with her system, and also cover the helpdesk tickets when she was absent. She was really stressed out the whole time because of login issues. When I tried to help by probing more into the design of the system, she told me that it's her problem, don't bother, so I didn't interfere.

She was the PjM from the very beginning of the project 4 years ago, saw it through the development, and then finally maintaining it. The vendor developer quit after 3 years, got replaced by a 2nd developer, who left after supporting 1 December, and then replaced by a 3rd developer who took over, who also left after doing a few rounds of testing and resolving login issues. The 4th developer who took over was the one who discovered that the application wasn't using active directory (AD) login, when it was declared to be.

In hindsight, it was suspicious during the 15 min handover session I had for this system. I know it sounds crazy, but I only had 3 hours for her to handover 2 systems to me due to the short notice of handover assignments. I tried to log in to production with my AD credentials, but couldn't log in. She said it's always like that. There are a lot of login issues, so she just uses the admin account to log in. As we only had 15 min, I didn't dwell too much on the login issue.

Last December, I remembered supporting a case of a director who couldn't log in to the system. She escalated the issue, and about 5 people were activated just to help troubleshoot her login problem. We reset her AD password countless times, and in the end, the developer deleted the account (need to raise service request to execute SQL query to delete account), then added the user back into the system, then she could log in.

And upon further recall of my memory, login issues were usually resolved by deleting the user from the database, and then adding them back into the system. For the longest time, that didn't make any sense to me. When I asked the vendor, (back then it was none of my business but I really pitied the PjM who was so stressed out by the login issues), he told me that he didn't know why, he was handed over the instruction to delete the user and add it back to resolve login issues.

The key to the mystery was that this application stored passwords in the system, and the password it stores is the password that the user typed in the first time he accesses the system. As we need to change our AD password every 90 days, and we cannot reuse past passwords, it's no wonder why the passwords don't match, and hence face login issues every December when people use the system.

Sad is the life of that PjM. This is not the only mess I took over though. This really made me "dunno what to say", so I had to blog.
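The failure described above, modelled as an added example (this is not the application's or the vendor's code): an app that keeps its own copy of the first-typed password drifts from AD after a rotation, still accepts the stale password, and is "fixed" only until the next rotation by deleting and re-adding the user. All class, function, user and password names are constructed, and the assumption that first access simply records whatever was typed is an assumption, since the post does not say whether AD was consulted at that point.

```python
import hashlib
import hmac
import os

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Stand-in for AD (constructed): the only place the current password lives."""
    def __init__(self):
        self._creds = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, _digest(password, salt))

    def verify(self, user, password):
        salt, stored = self._creds.get(user, (b"", None))
        return stored is not None and hmac.compare_digest(_digest(password, salt), stored)

class LocalCopyApp:
    """The design the post describes: keep what the user typed at first access."""
    def __init__(self):
        self._users = {}  # user -> None until first login, then (salt, digest)

    def add_user(self, user):
        self._users[user] = None

    def delete_user(self, user):
        self._users.pop(user, None)

    def login(self, user, password):
        if user not in self._users:
            return False
        if self._users[user] is None:  # assumption: first access just records it
            salt = os.urandom(16)
            self._users[user] = (salt, _digest(password, salt))
            return True
        salt, stored = self._users[user]
        return hmac.compare_digest(_digest(password, salt), stored)

def directory_backed_login(directory, members, user, password):
    """Corrected form: the app keeps only membership; AD checks every login."""
    return user in members and directory.verify(user, password)

def run_scenario():
    ad, members = Directory(), {"director"}
    old, new = "Dec2011-pass", "Mar2012-pass"  # constructed sample passwords
    ad.set_password("director", old)
    local = LocalCopyApp()
    local.add_user("director")
    local.login("director", old)      # first access: the local copy is taken here
    ad.set_password("director", new)  # 90-day rotation happens in AD only
    result = {
        "local_new": local.login("director", new),  # the reported login failure
        "local_old": local.login("director", old),  # stale password still accepted
        "backed_new": directory_backed_login(ad, members, "director", new),
        "backed_old": directory_backed_login(ad, members, "director", old),
    }
    local.delete_user("director")     # the handed-down "delete and re-add" fix
    local.add_user("director")
    result["local_after_readd"] = local.login("director", new)
    return result
```

The `local_old` result is the part the helpdesk tickets never surfaced: a rotated-out password keeps working against the local copy until the user is deleted and re-added.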

Wednesday, June 20, 2012

9 months at work - when you can't trust

It's quite unthinkable that I have survived 9 months in my job, and when I look at the amount of work I have, it was easily twice as much throughput as my previous job for the same time span. As the months go by, I am getting more and more challenging work, not that I am complaining, just that I don't want to end up stealing other people's work and being called the boss' pet.

Recently, I have been working on a single sign on project which had been preambling for half a year, and then one fine day, the AD (active directory) guy told me, "next month we will implement one-way-forest-trust". My immediate reaction was WHAT!!! only give me 1 month's notice? After making a huge fuss, the project was jammed, and then for another 3 months, the witch and wizard re-chanted their spells and kept getting ingredients from us. However, we didn't know what they were brewing until 2 weeks ago. One-way-forest-trust is the name of a type of AD setup that enables single sign on.

Everyone, well almost all the vendors, felt that they had been given wrong information. As for me, I had never trusted them because of the multiple versions of stories they had been telling us, so I didn't feel cheated. *evil me* While they were brewing their soup, I was asking Google to impart knowledge of the whole alien topic of one-way-forest-trust to me. Servers, domains, network connectivity, connection protocols for AD, internal mechanisms of AD, etc... almost everything that I never had to know.

It was only 2 weeks ago that they scooped out the soup for us to drink and let us see the pot. We only had 4 weeks to figure out how to get the whole single sign on to work. Everyday we were trying to decipher the code because it was new to all of us. As I had a few systems to work on, I focused on my monster scampoint because that's the most important to everyone. For scampoint, I am very lucky to have a vendor who listens to everything I say. I tell him what I want him to code, he codes it in a few hours, I check, tell him the changes I want, after a few rounds and within a week, we were done.

After he completed what he had to do, we were just short of doing thorough testing, and I am quite sure that we are almost done for our scampoint, I decided to give him a 5 min motivational talk. ... You see, now that we have more or less tested our code and know it works, what risks do we face? We face the risk of an incompetent AD team who may bring us down. If they fail, all the apps will suffer, including us, because we are assuming that they are going to do a good job. If they fail, no matter how good a job we do, people see that we failed, they won't see that the AD team or the SSO project team failed. Do we really need to be at their mercy? We are definitely better than them, so to reduce the risk of us failing because of them, we will need to have a back up plan that can take over their work. And you must also not trust me, you must also think because I may be wrong. After that I told him to code more things for me and he was willing.

As I can only trust myself when I am faced with the ticking clock, I inadvertently create work for myself, like this one. I decided to make a call to the other vendor who was managing other scampoint apps, I didn't have to, and he will most probably fail if I didn't ask.

Me: "Are you assuming that we will be doing anything for you?"
Him: "We are assuming that scampoint will continue to sync users from AD."
Me: "Are you assuming that we are going to sync the users for you?"
Him: "This one we haven't thought about it because we are just using scampoint to build our app, we are not maintaining scampoint."
Me: "Ok, so now I am asking you, are you assuming that I am going to populate the users for you?"
Him: "We don't intend to change the sync mechanism, so we just need you to point to the new AD."
Me: "Do you know that it won't work?"
Him: "Why?"
Me: "Think again, then you tell me."
Him: "No change is needed."
Me: "Are you sure? You will need more than that."
Him: "Oh..." then he yadda yadda yadda, he got it.
Me: "I am not going to solve that problem for you."
Him: "It's not in our scope."
Me: "You didn't tell me that it's your assumption, so it's also not in my scope."
Him: "Then you need to bring it up to your boss."
Me: "It's your app that is affected, but never mind I can bring it up as well. If it's anyone's fault, it's definitely not my fault for asking you whether you are assuming anything."
Him: "Yes, I know, it's our mistake, we didn't think of that." 

But I still helped him after scaring him over the phone... lol

Wednesday, June 13, 2012

transcending to paradise

Today was the final day of the funeral and monks were engaged from this organisation called Heart for Peace. The lead monk is Bhikkhu Buddha Dhatu, who led the prayers with his team of 9 - 3 men, 3 women, and 3 young boys. As there were a lot of preparations to be done for the prayers and many people moving about, that strange chill suddenly came back, and I knew that something was clinging onto me again. I engrossed myself deeply in the prayers by the 9 as I felt that the monk was emitting energies. He believes that he helps human beings go to paradise. Throughout the session, I saw his paradise. It was a space with a lotus and many bright spots of light around it. As it was the first time I saw this image, I was quite sure that it was from him.

Those shivers continued and a feeling of uneasiness swarmed over me. The prayers required us to walk around the coffin 3 times, and each time, I had the strong urge not to look at the body, so I briefly glimpsed, as a form of respect. It was as if I had wandered off for a few days, and then suddenly got called back, and I don't know why. The prayers were indeed effective because at the end of all the praying, I felt that I was back to normal, so I know that the grandma's soul must have transcended to paradise.

I was grateful to be part of the experience, and wonder whether the others felt the same. I felt extremely serene and at ease. After everything ended, I went to read the monk's book, because he said we can learn more by reading his book. After reading, I refreshed my memory of what I used to tell myself, that I need to do good deeds, for a better next life. Of course we may say that we are what we are now because we worked hard for it, but I believe in karma, and that a past life of good deeds results in a good present life. For example, if your past life was a nurse, and you served many patients, then the good karma accumulated results in a good present life, less hardship and burdens. However, if we take advantage of the good life and forget about serving the community, then our next life will not be as good. So then we wonder why we bother about our next life... It's just so that we have a peace of mind when we leave our bodies, that we have done many good deeds in the present life, and we are moving on to a better next life, with no regrets.