I had asked my employee to set up a server at my place, so a closed user group of us and my customers could access automated builds. Most basic stuff: a Raspi 3 behind a consumer-grade DSL/WLAN router with NAT, port forwarding on 80 and 443, dynamic name service, Let's Encrypt certificates. As simple as it gets. The particular consumer router doesn't "bounce back" the port forwarding (no NAT loopback): ICMP pings come back from the external IP, but we can't reach the server from the intranet via its external (DNS-provided) IP over TCP. Lacking any local naming logic, we simply use the fixed 192.168 address, no biggie.
Now, earlier today, she called me over to show me that something was working. At second glance I noted that the main page of the server was there in a Safari window, together with the domain name in the address bar. At first, I thought maybe something in the router had changed and the bounce was working now. I tried on two other Macs, one with the same macOS 13.1, the other with an older 10.15.7. No go. Dead as usual. We retried the trick on the machine she was working on, and this time it was not connecting either, back to usual.
Short of some weird flakiness in the router, the only explanation would be that the site was accessed from the outside, which would mean Safari had tunneled out and come back in somehow. There is this "Apple Private Relay" thing, but we're far away from any iCloud subscription. The "Privacy" settings must have been left at more or less "whatever works".
I'm not too fond of the likelihood that my company traffic gets "abducted".
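One way to settle the "flaky router" versus "tunneled out" question is on the server side: the request that was served while the Mac sat on the LAN must appear in the web server's access log with either a LAN source (the Mac's 192.168 address, or the router's LAN address if loopback kicked in) or with a public source, which would mean the request entered from the internet. The following is an added example, not code from the original entry; the log lines, the router address 192.168.1.1 and the public address are all constructed.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample lines in Apache/nginx "combined" format (not real logs).
SAMPLE_LOG = """\
192.168.1.23 - - [10/Jan/2023:14:02:11 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh) Safari/605.1.15"
192.168.1.1 - - [10/Jan/2023:14:02:40 +0100] "GET / HTTP/1.1" 200 5120 "-" "curl/7.79.1"
203.0.113.77 - - [10/Jan/2023:14:03:05 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh) Safari/605.1.15"
"""

# Fields of one combined-log line: client IP, timestamp, request, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed LAN address of the consumer router (hypothetical value).
LAN_GATEWAY = ipaddress.ip_address("192.168.1.1")
# RFC 1918 ranges checked explicitly; ipaddress.is_private also covers
# documentation ranges such as 203.0.113.0/24, which would hide a public-looking source.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_source(ip_str: str) -> str:
    """Tell where a request entered the server from, judged by its source address."""
    ip = ipaddress.ip_address(ip_str)
    if ip == LAN_GATEWAY:
        return "router"      # loopback/hairpin NAT rewrote the source to the router
    if ip.is_loopback:
        return "local"
    if any(ip in net for net in RFC1918):
        return "lan"         # direct LAN access via the 192.168 address
    return "public"          # request arrived through the port forward from the internet


def audit_log(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client IP, source class, user agent) for every parsable line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m["ts"], m["ip"], classify_source(m["ip"]), m["ua"]))
    return rows


def public_requests(text: str) -> List[Tuple[str, str, str, str]]:
    """Requests whose source is public: traffic that left the LAN and came back in."""
    return [r for r in audit_log(text) if r[2] == "public"]
```

Match the Safari request by timestamp and user agent; if its row is classed "public", the page was fetched from outside, not through the router's loopback.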
I recently had to work with a large piece of well-aged and reliable legacy software that had to be modified to include data protection for some sensitive personal information due to recent legislation. Developers not experienced with security bolted on some encryption. They made up their minds on what to do on the fly, as they tried to somehow add the security features. As could be expected under such circumstances, they ended up with a confusing mess of obfuscation that couldn't even really be called "secure": anyone with knowledge of the inner workings would be able to reconstruct all the data from accessible files. Yet they had to write extra software, not only for handling passwords, but also for moving data between machines that could previously be moved by simple file transfer. Debugging also became annoying, with many roadblocks, and I flinched a lot.
But in this journal entry, I don't want to highlight how good or bad this implementation was, but how much time it took to deal with the issues. Many person-months were spent on getting it to run or working around the hurdles it created. And more will be spent in the future to sort out persistent issues and move forward.
Of course, I have thought about how the setup could be made to work in a properly secure way. It would mean, much simplified, moving the key management to a separate process running as root, and throwing away the root password and the keys for the padlock on the machine case. As a consequence, all normal administration would have to happen with privileges elevated below root. But again, the details don't matter here. What matters is my estimate that implementing it would have taken at least as much time as the weaker implementation.
Fred Brooks, in "The Mythical Man-Month", has a figure, the first in the book, showing the double evolution from a Program to a Programming System Product. He postulates that each single evolution, from Program to System, or from Program to Product, increases the required effort by a factor of three. These combine, so getting from a Program to a Programming System Product takes a ninefold effort.
I postulate that the addition of securing the processed data will add another factor of three. Therefore, a Secure Programming System Product - that is secure, interacts with other programs, and can be deployed to end-users - will take twenty-seven times the effort of writing a simple self-contained Program for the same task without the extra considerations.
Don't fool yourselves when you make fixed-price offers. ;)
satignant adj
Contraction from Latin "satur" (stuffed, full) and "ignavus" (lazy, cowardly, inactive).
The unwillingness of a person or entity to make an effort as a consequence of a (possibly overly) satisfied state.
Examples:
During a production planning meeting for an electronic device:
Engineer 1: They outright rejected our manufacturing inquiry, because our PCB had a dozen THT parts.
Engineer 2: That's a totally satignant shop, they only do what they can easily run through their pick'n'place.
During a joint US/Russian air meet, while watching an air display:
Young US pilot: Look at these huge turns, they're not pulling proper G-forces.
Young Russian pilot: Too many colonels. Is same in Russia. Become satignant.
Between two metalheads over an online article:
Metalhead 1: Metallica will only play eight shows this year!
Metalhead 2: Hardly news. They're that satignant since they sold out with the black album.
We came across the issue in a discussion about Apple claiming it couldn't get the right screws in the US, and I chimed in that I had problems finding a shop in Germany that could reasonably manufacture PCBs with vertically mounted axial through-hole components. It is a state of large parts of western industry in general, where entrenched companies lose flexibility. But amazingly, there is no word to describe it. I used the word "complacent", knowing it was slightly off, being translated to German "selbstgefällig". Someone pointed that out, but I couldn't find a better word in the thesaurus. German has another word, "saturiert", used mostly tongue-in-cheek to describe someone who "has made it" and has no further need to achieve anything. Still, while it indicates that those people don't have to make efforts anymore, it doesn't imply that they would actually stop. Also, in English the transliterated word "saturated" does not have that meaning, but is rather technical. (English still lacks an exact equivalent; "satiated" would come very close, I guess, while "languorous" might be the impression in an overly satiated state.)
So I had a look at the Latin dictionary to see what word stems would fit, and assembled the most suitable ones into "satignant".
Enjoy your new ability to describe the decline of the western civilization in one word. :)
Oh... I'm not really proficient in eastern languages, but 飽鈍 (hōdon, bǎo dùn) might be a start for them (unless I overlooked some other, way-off meaning...).