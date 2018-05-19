from the who-needs-QA-when-we-can-test-it-on-production dept.
At around 9:15 UTC [17 May] Salesforce pushed a database script update that was intended to add modify all permissions to a specific internal profile used by their Pardot service. Due to a scripting error View and Modify All Objects Permission was granted to all user profiles for all organizations that ever had the Pardot product, including public facing community instances. This was of course a security nightmare for customers, especially those in the Financial and Health sectors, and an emergency change was pushed around 10:00 UTC to revoke all permissions to all profiles except for administrators. No announcement was made on their status sites due to the potential for bad actors to take advantage of the security issue that was introduced until the databases could be locked down. Further action was taken around 11:00 UTC to take down PODS completely, likely to further mitigate access risk which effectively expanded the outage to customers that never used Pardot but shared an instance with customers who did.
Salesforce is holding hourly calls, and recently admitted that the script had run both in their production PODS and also in the Passive Disaster Recovery Instances, complicating the ability to recover from the issue. There is currently no ETA for recovery, though it is still their hope that they will not have any data loss. They are beginning to bring back up instances, but only administrators will have access initially and it will require additional time before administrators will be able to modify permissions and rebuild profiles and there will be a longer wait yet before profile settings can be restored from backup.
Coverage at: Geekwire, The Register, and reddit
(Score: 0) by Anonymous Coward on Sunday May 19, @12:39AM (1 child)
(Score: 0) by Anonymous Coward on Sunday May 19, @01:06AM
(Score: 3, Informative) by sshelton76 on Sunday May 19, @12:46AM (1 child)
This demonstrates pretty clearly why modern paradigms such as "Agile", "move fast and break things" and even devops is bad.
Programming and QA and sys-admin duties should never, ever, ever be combined into a single department, let alone a single person.
I find it telling that just a little under a year ago Salesforce got rid of QA by merging it with Dev and firing anyone who couldn't adapt.
https://www.indystar.com/story/money/2018/08/06/salesforce-reorganization-shed-workers-indianapolis/914544002/ [indystar.com]
They then fired a bunch of their long time guys and farmed their duties out to the lowest bidder from India, but before forcing them to train their replacements.
https://h1bdata.info/listlca.php?em=SALESFORCE [h1bdata.info]
As a result, a lot of institutional knowledge is just gone and the people left behind are those who didn't have the skills to get employed elsewhere before the house of cards collapsed.
Something like this NEVER would have made it out of Q&A had they just left things in place. But chasing the next quarter's "growth targets" and short sighted managers who can't see past their next bonus are directly the cause.
Note to anyone considering outsourcing... You will save a little money upfront because these guys will over promise and under deliver. They overstate their skills and it isn't until everything implodes like this that you, as a person who has not done the job every day for years, will realize that you were conned. Good luck hiring back the guys and gals you let go.
(Score: 2) by sshelton76 on Sunday May 19, @12:50AM
Should read, "but not before forcing them to train their replacements.
Which brings up another question... If a person is made to train their H1B replacement, doesn't that sorta say two things.
First off the H1B didn't already have the skills by virtue of needing to be trained, ergo why was he or she brought over in the first place?
Secondly that the H1B wasn't really needed because there was already someone doing the job and the whole point of an H1B is that there is no one in the US labor pool who has the skills to do the job?
(Score: 1) by RandomFactor on Sunday May 19, @12:48AM
On the bright side, better now than next weekend I suppose. Not getting those Memorial Day spam^h^h^h^hmarketing emails out would tick off a lot of customers.
(Score: 2) by ataradov on Sunday May 19, @12:52AM
Our corporate stuff got turned off, but then went back online some time around noon the same day. Not sure if the data loss was a concern, but it sucked and affected my work for half a day.
Not that SalesForce does not suck when it works as designed.
(Score: 0) by Anonymous Coward on Sunday May 19, @01:08AM
