what do u want

Posted on March 19, 2010

do u know what u want in life?
do u know where u are heading?
do u know what do u want to do in your thirties?
in your forties?
when u retire?


proverbs 18

Posted on March 18, 2010

Proverbs 18

1 An unfriendly man pursues selfish ends;
he defies all sound judgment.

2 A fool finds no pleasure in understanding
but delights in airing his own opinions.

3 When wickedness comes, so does contempt,
and with shame comes disgrace.

4 The words of a man’s mouth are deep waters,
but the fountain of wisdom is a bubbling brook.

5 It is not good to be partial to the wicked
or to deprive the innocent of justice.

6 A fool’s lips bring him strife,
and his mouth invites a beating.

7 A fool’s mouth is his undoing,
and his lips are a snare to his soul.

8 The words of a gossip are like choice morsels;
they go down to a man’s inmost parts.

9 One who is slack in his work
is brother to one who destroys.

10 The name of the LORD is a strong tower;
the righteous run to it and are safe.

11 The wealth of the rich is their fortified city;
they imagine it an unscalable wall.

12 Before his downfall a man’s heart is proud,
but humility comes before honor.

13 He who answers before listening—
that is his folly and his shame.

14 A man’s spirit sustains him in sickness,
but a crushed spirit who can bear?

15 The heart of the discerning acquires knowledge;
the ears of the wise seek it out.

16 A gift opens the way for the giver
and ushers him into the presence of the great.

17 The first to present his case seems right,
till another comes forward and questions him.

18 Casting the lot settles disputes
and keeps strong opponents apart.

19 An offended brother is more unyielding than a fortified city,
and disputes are like the barred gates of a citadel.

20 From the fruit of his mouth a man’s stomach is filled;
with the harvest from his lips he is satisfied.

21 The tongue has the power of life and death,
and those who love it will eat its fruit.

22 He who finds a wife finds what is good
and receives favor from the LORD.

23 A poor man pleads for mercy,
but a rich man answers harshly.

24 A man of many companions may come to ruin,
but there is a friend who sticks closer than a brother.


The Single Sign On

Posted on March 16, 2010

“It’s impossible,” Gerald said in a matter-of-fact tone, “simply impossible.”

“Now just so we’re clear,” Craig responded, “by ‘impossible’, you actually mean ‘a big pain in the ass’, but you’re a smart guy who can make it happen, right?” That drew a few chuckles from the handful of other coworkers who joined them in the conference room, but Gerald just sighed. “No, Craig, by impossible, I mean impossible. Not doable. Can’t be done. Im-poss-i-ble. Well I mean, unless you can somehow change the underlying structure of the way everyone communicates on the Internet.”

“But we don’t need to change it for everyone,” Craig jumped in, “just one client. Surely, you can do that!”

The situation at hand was not an uncommon one. Craig, one of the company’s top producing sales reps, had once again sold a client on a feature they did not have. He certainly didn’t lie about having the feature, but instead proposed an offer the client couldn’t refuse: if you buy it, we’ll build it.

Management, not being the type to turn down booked sales, couldn’t refuse the offer either. And thus, they sided with Craig on what ‘impossible’ actually meant. They also assigned Gerald and team to develop the much-needed feature: an IP-based authentication system that would allow users of their Software-as-a-Service product to access the system without ever needing to log in.

Gerald’s main objection with IP authentication was that the majority of users – and in fact, all of the users at the client site – were behind a router. Though they’d certainly each have an internal IP address assigned, they would all share the same public IP, making one computer indistinguishable from the next.

To make matters even more tricky, their application was used by hospitals to track certain kinds of patient data, which meant that HIPAA – the regulatory framework that defines how patient data must be stored and accessed – needed to be followed. And not just followed, but followed, tested, certified, re-certified, and double-tested. Any change to the HIPAA-related functions – authorization included – would need to go through a painful internal and external QA process.

Given the impossibility of getting the end-user’s internal IP address from the outside, Gerald figured that using cookies would be the next best thing. Have the user log in once, and then store an authentication cookie on the computer for as long as possible. Sure, that meant clearing cookies would trigger a new login, but it seemed to be a fair and easy work-around. Well, not so much: the client vehemently rejected the idea, saying that their employees couldn’t be bothered with having to remember yet another login, even if only temporarily.

After going back to the drawing board, Gerald came up with another idea: configure the firewall proxy server on the client’s side to add a custom HTTP header (X-Forwarded-For) that included the original IP address. That idea went over just about as well: HTTP headers could be forged, and a malicious employee inside of the company could hack in too easily.

Gerald’s third proposal to the client involved a site-to-site VPN connection. The application server would be exposed via the client’s internal network, which would not only allow them to use IP authentication, but Windows-integrated authentication as well. It was his best idea yet, and made things that much easier, as the client would be able to configure which username has access instead of which IP address. Unfortunately, the IT folks at the client weren’t big fans of the approach, as “a VPN connection is inherently insecure.”

At wit’s end, Gerald came up with yet another idea: a “Single Sign On” approach of sorts. When the end-user would access their application, the system would look for an “authentication ticket” cookie. When not present, the user would be redirected to another server – which lived inside the network – whose sole purpose was to generate a secure authentication ticket that included the private IP address. The ticketing server would then redirect to the hosted application, which would then verify the authenticity of the ticket and give the user access.

The client absolutely loved the idea. “This is exactly what we’re looking for,” the client’s project manager said, “no need to remember logins, plus solid security.” The sales contract was signed, and the project was officially a go.

And finally, three months later, the new feature was finished. It took three solid weeks of development time, two weeks of QA testing, several thousand dollars in new hardware, and tens of thousands of dollars for an external HIPAA assessment, but the sales rep and the client’s project manager said it’d be worth it: no more remembering logins. Now, all that was needed for implementation was a list of IP addresses that were allowed to use the computer.

“Hi Gerald,” the client’s project manager wrote in an email, “please provide the following IP with access to the system: 10.1.23.97.”

Gerald confirmed, and reconfirmed: only one user needed access to the system. And apparently, she really hated remembering logins.

taken from the daily wtf
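
The ticket flow in the story, sketched as an added example (not code from the story or its author): the internal ticketing server signs the private IP it observed, and the hosted application checks the signature, expiry and allow-list. Unlike the rejected X-Forwarded-For header, the value cannot be altered without the key. The HMAC-SHA256 construction, the shared key, the 60-second lifetime and all function names are assumptions; the story does not say how the ticket was secured.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared by the ticketing server and the hosted app (assumption).
SHARED_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_IPS = {"10.1.23.97"}  # the single address the client asked for in the story
TICKET_TTL = 60               # seconds; assumption, the story gives no lifetime


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_ticket(private_ip, now=None):
    """Ticketing server (inside the client network): sign the IP it observed."""
    now = time.time() if now is None else now
    claims = {"ip": private_ip, "exp": int(now) + TICKET_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)


def verify_ticket(ticket, now=None):
    """Hosted application: return the authenticated IP, or None if rejected."""
    now = time.time() if now is None else now
    try:
        payload_part, tag_part = ticket.split(".")
        payload = base64.urlsafe_b64decode(payload_part)
        tag = base64.urlsafe_b64decode(tag_part)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    # Check the MAC first, in constant time, before trusting any claim.
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    if claims["exp"] < now:              # expired ticket, e.g. a replayed cookie
        return None
    if claims["ip"] not in ALLOWED_IPS:  # validly signed, but not on the list
        return None
    return claims["ip"]
```
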

most people are other people

Posted on March 15, 2010

Most people are other people. Their thoughts are someone else’s opinions, their lives a mimicry, their passions a quotation – Oscar Wilde