Article > The Internet Is Not Magic
Description :: The internet works in non-mysterious ways.


Information travels to and fro on the internet in a logical, predictable manner. There are no mysteries.

I'm not even trained in interwebs development; I just kinda got thrust into these world wide webs when people at my current job decided that making everything a website would be a cool thing to do, and that desktop-based applications were "super icky." So I learned as I went, picking up bits and pieces about how things work here and there along the way.

Because of this, and because my general lack of self-confidence (or maybe it's more of a fear of looking stupid), when I needed to architect an SSO (single sign-on) solution to better leverage organizational synergies in order to provide a value-add to our customer bas...sorry, I got business-stupid there for a second: When I needed to come up with a way to tell this other system, "Hey y'all! This'n here guy-dude is alright with me. Go on ahead and let 'em all up in your webs" for people that had already logged into my system, I decided to ask around on the webunets first, to see if other developers had done this sort of thing before. A professor in college told me, repeatedly, "Never be too proud to steal a good idea," and that was my aim here. Also, I had an idea on how I might go about solving this problem, and I wanted to see what unbiased third parties would think of it. My idea was based on a solution to a very similar problem that other, more-smarter people had come up with for another system that my system interacts with.

Here are the responses that I have received so far, paraphrased:

1. Rolling your own solution is bad. Instead, you should use this other solution that involves a whole bunch of stuff that you never mentioned having installed or even being able to run, but you should use it anyway, because that's what I use, and it works great.

2. Google it.

3. What you are trying to do is unpossible. You and the owners of the other system should have worked this relationship out at the beginning, when neither of you had any idea the other existed.

4. What you are trying to do is unpossible. You shouldn't even bother with it. Just tell your boss that you suck at doing your job and that you would like to be fired at his earliest convenience.

5. Here is an incomplete solution to your problem that doesn't work. It has the added bonus of being completely insecure, for reasons that I won't explain.

Do you notice anything lacking from those responses? If not, I'll tell you what's lacking, for FREE!

Not one of them addressed my proposed solution in any meaningful way. The first response only considers my proposed solution long enough to imply that rolling my own solution is a bad thing to do. Normally I agree with that; I've heard countless stories about programmers wasting lots and lots of time rewriting, poorly, functionality that already exists in some freely available library, or spending days developing a convoluted, incorrect solution to a simple problem that was solved ages ago. So I dig it; rolling your own solution is typically a bad idea. But my proposed solution wasn't something I grabbed out of my...the air. It was, as I mentioned, based on a solution to a similar problem that has been working for its implementers for a good long time. So I wouldn't really call my proposed solution completely hand-rolled.

The other responses ignored my solution completely, telling me that the solution to my problem doesn't exist. WHAT ABOUT THE ONE RIGHT UP THERE IN THE FIRST FREAKING POST?! By telling me a solution to my problem doesn't exist, are they implying that my solution is flawed or otherwise insufficient?! I'll never know! Hooray communication!

Which brings us back to my original assertion; the internet is not effing magic. If my solution won't work, or if the solution in response #5 above is insecure, then there is a reason why it won't work or it is insecure. And that reason can be precisely explained with absolutely no hand-waving or other misdirection. Internet things aren't insecure just because you feel like they might be. If you think an internet thing is insecure, then for the sake of the internet, explain why. Draw us a picture if you have to. "OMG dude thats realy insecure, lol!" doesn't effing cut it.

I've whined and griped about the reticence of people to explain their ideas when they're trying to act smarter than you before, and I suppose that this may be more of the same. However, I think this particular reluctance might have something to do with the fact that no one understands the web. They think they do, and sure, they can make a website that does good stuff, but they still have no idea how the web works.

I honestly believe that the people behind the responses I listed above are implying that my solution is insufficient and then not explaining why not because they're super jerks who like to be particularly unhelpful, but because they don't have a really firm grasp on how the web works. In other words, they can't explain to me why they think it won't work or why it is insecure.

Do I know everything about how the web works? Heck no! But I do know that it works and that no magical aether is involved anywhere in the process. But trying to convince some people of that is a difficult thing to do. Hey, is your website not behaving as expected? It's probably some kind of problem with the RAM on the web server. It can't be that you don't understand the ASP .NET PostBack model. Hey, did 200 user accounts get hacked this weekend? It must be that they all had key-loggers installed on their computers, not that you send their login credentials all over the internet to hell and back in clear text. Hey, is this SSO process secure and not crappy? No? Why? Because the flimper wangles are dlingling over the xionty haas? Oh. That makes sense.