When Marketing decided to touch the database
Posted by Mikey_Da_Foxx@reddit | talesfromtechsupport | 65 comments
One of my previous roles was as a DBA for an e-commerce company. One day I was plugging along turning coffee into code when all Hell broke loose. Our marketing team decided to launch a "personalized" email campaign without consulting IT first, or even consulting anyone, really.
Out of nowhere, suddenly our servers started screaming at a pitch I don't ever want to hear again in my life. CPU usage spiked to 100%, and queries slowed down to zero. My first thought was that we were being hit by a DDOS attack. What I found was far more facepalm-worthy.
The marketing team had written a query to send personalized emails to our entire customer base – all almost 5 million of them. Their query pulled data from nearly every table in our database, joining them in the most inefficient way possible. The icing on the cake was that they had set it to run every 5 minutes. It was later described by my senior to the bosses as like watching someone try to empty the ocean with a teaspoon, only to refill it with a fire hose every few seconds.
After some frantic calls and a lot of explaining (with technical terms I'm sure they didn't bother even trying to understand), we managed to get them to pause the campaign. It took three days of optimization, index creation, and query rewriting to get their personalization working without bringing our entire infrastructure to a standstill.
The silver lining? Management finally approved our long-standing and often-denied request for a separate analytics database. Sometimes, it takes a near-catastrophe to get the resources you need.
JoeDonFan@reddit
As soon as I saw "Marketing" I knew it would be fun.
Juranur@reddit
The DDOS is coming.... from inside the house!! D:
hydrogen18@reddit
so it emailed the entire customer base every 5 minutes?
StevenXSG@reddit
Please say marketing has no direct access to either and had to request a report to be created to get any information
Mikey_Da_Foxx@reddit (OP)
Well, they don't have access now...
notsooriginal@reddit
Pardon me while I go scream into the void for the next few hours.
Chakkoty@reddit
gasp But space is a vacuum!
Severe_Ad_5914@reddit
Pardon me while I go dispose of the bodies for the next few hours.
johndcochran@reddit
A mixture of concentrated hydrogen peroxide and sulfuric acid may be useful for that.
DaddyBeanDaddyBean@reddit
Pardon me while I go scream into the empty bodies for the next few hours.
Jacqques@reddit
That would be illegal under European GDPR laws.
No idea if you operate in Europe or not, but you can use it to limit people’s access to the db. Remember you might want to sell in Europe in the future.
noceboy@reddit
Theoretically it could be legal under the GDPR, but unlikely (marketing having access to all databases?!). Always operate under the principles of need to know and least privilege.
BTW: you don’t have to operate in the EU to be affected by the GDPR. If you process data about EU citizens you have to comply.
Jacqques@reddit
Meant operate as in do business in Europe, but I can see that was likely the wrong English word.
I think the only way marketing gets access to all dbs is if they legit don’t have any gdpr protected data.
davethecompguy@reddit
This should be called "doing an Elon Musk".
Harley11995599@reddit
🙄
TheRealJackOfSpades@reddit
I think this could have been summarized as "marketing has access to production" and we could have predicted the results accurately.
klargstein@reddit
the joys of AI generated SQL I guess ?
WhispersOfCats@reddit
Fucking Marketing fucks up shit all the time
Sthom_1968@reddit
As soon as I saw "marketing" and "database" in the heading I thought "this will not end well". I was not disappointed.
vaildin@reddit
Are you kidding? It happened during normal office hours, and they got new resources out of it. That's a happy ending all around.
Mikey_Da_Foxx@reddit (OP)
There needs to be a big sign with the llama from Emperor's New Groove: NO TOUCHY!
https://m.media-amazon.com/images/I/61BIvLiJvzL._AC_UF1000,1000_QL80_.jpg
Sthom_1968@reddit
"Avoid lump-hammer related work incidents - do not touch."
paishocajun@reddit
In my office we have PM percussive maintenance, GAP Maintenance (gravity assisted), and I might now be adding HAP Maintenance (hammer assisted) lol
AngryCod@reddit
We also keep a traditional clue-by-four and a training brick. You know, for when the problem is wetware-related.
grendus@reddit
"This is the CAT-5'o Nine Tails. Don't give me reason to use this."
"You're not allowed to chain up marketing and flog them."
"Shoulda read the fine print on your employment contract."
KelemvorSparkyfox@reddit
If you use CAT-5 to make a cat o' nine tails, does that make it a cat o' forty five tails?
Environmental-Ear391@reddit
not really... just extra claws with the paws ;-)
Ranger7381@reddit
“On my employment contract”
FTFY
ozzie286@reddit
Add in DHAP, for Drop Hammer assisted
sheikhyerbouti@reddit
Clarkson: Right, now where are my hammers?
Sthom_1968@reddit
We have Mjolnir Jr. aka the "universal data sanitisation device".
paishocajun@reddit
Waiting for income tax return to come in, will be buying a small sledge and spraying it silver now for my office lol
work_work-work@reddit
I guess you haven't heard of Blinkenlichten.
LadyCiani@reddit
Marketing Operations here.
When did this take place?
I've been using a dedicated marketing automation tool since 2011, and sending marketing emails using a dedicated email platform since 2006. None of those require writing direct code to a database.
And a tool that can email 5m people would/should have a dedicated IP and separate email domain, plus throttle the email send rate.
Loading_M_@reddit
From what it sounds like, this wasn't a dedicated tool, but rather the director's nephew was asked to create a tool.
mohosa63224@reddit
I had a love/hate relationship with ExactTarget (I think Salesforce took them over, so who knows how it is now.)
codyish@reddit
That's what I was thinking. There is no shortage of tools available that make this sort of campaign trivially easy to execute, even for somebody with minimal technical expertise. What company with 5 million users doesn't use iterable/hubspot/zendesk or something like that?
OutspokenOctopus@reddit
Also, from a Digital Marketing standpoint it’s not best practice to suddenly spike your email sends to 5 million, you would end up with a bad reputation and all your emails would be blocked or in the spam folder for months.
Battlepuppy@reddit
They wrote that against production?
Yikes!
swabbie@reddit
This being in an ecomm company, I'm hoping this was awhile ago...
In the later Payment Card Industry Data Security Standards, query level access is now only allowed for DBAs or by set applications that have been thoroughly tested. Though email addresses themselves can fall out of scope, it's good practice to lock down all customer data similarly.
Such rules are born from the blood from previous fuckups.
(ref: PCI DSS v4.0 section 7.2.6)
steveparker88@reddit
"they had set it to run every 5 minutes."
WAT
Gift_Inside@reddit
Who gave them name/ip address of DB servers and credentials?
Peanut_The_Great@reddit
All that to send me an email that's probably going to be filtered as spam
horizonx2@reddit
The query is coming from inside the house!!
cbelt3@reddit
And your domain is now on everyone’s SPAM block list. Win !
Stephen_Dann@reddit
Shocked that you hadn't designed the DB to allow a query like this to run without any issues and spec'd the server to be able to handle it. If you had given it 1000 CPU cores then there would not have been any need for you to intervene with their actions. /s
Seriously as soon as I saw Marketing and touch the database, knew it was going to be describing a shit shower of their making.
af_cheddarhead@reddit
Oracle would love to sell you a license for all 1000 cores. ;-0
mohosa63224@reddit
I was just gonna say this, but then I scrolled down a bit and saw your comment. Updoot to you.
mohosa63224@reddit
It's tales like this that I think the IT folks at two previous jobs were thankful for my IT skills. In addition to running a homelab since my teens, I've also worked a couple of IT support positions.
So when I was hired on as a contractor to do nothing but email marketing once upon a time, I mostly knew what to do, and if not, liaise with the company's IT dept to find out the best way to do what the bosses needed me to do.
coming2grips@reddit
I once overheard a very smart service manager saying that the difference in being effective is being able to spot waves you ride out and the ones you surf all the way.
4me2knowit@reddit
Someone was driving a harvester on an F1 track wondering what the fuss was
Rathmun@reddit
No, they hotwired the F1 car and tried to use it to harvest a field of corn, then wondered why the maintenance crew started yelling at them.
NatChArrant@reddit
So it was an MDOS -- Marketing Denial of Service -- attack
KelemvorSparkyfox@reddit
And, thankfully, Marketing ended up Denied Service.
snowboardg42@reddit
Sometimes? It always takes the sky to fall before the bean counters and top management approve spending money on something other than their bonuses.
Mikey_Da_Foxx@reddit (OP)
If it works, they don't need us, what are they paying us for?
If it's broken, clearly we're useless, what are they paying us for?
Hamster-Food@reddit
I'm starting to suspect they just don't want to pay us.
Purple-Lie-354@reddit
Ya think?!?
Eraevn@reddit
Every 5 minutes to pull all that information that poorly? Good lord.
glenmarshall@reddit
Marketing is the bane of existence to IT. It has ever been thus.
hbg2601@reddit
I can hear the sound of the servers screaming in my head. Makes me break out into a cold sweat.
"Well, Clarice… have the servers stopped screaming?"
dvicci@reddit
"~~Sometimes, it takes a near-catastrophe to get the resources you need~~"
"It always takes a near-catastrophe to get the resources you need."
There, I fixed it for you.
misatolily69@reddit
Someone should turn this into a Michael Bay-esque disaster movie.
GreenEggPage@reddit
"If we don't stop them, the server will explode!"
BOOM!
"Oh no - we've only got 37 more servers left!"
misatolily69@reddit
Add a little Ricardo Diaz to it.
Marketing Dept. Head: "Stupid thing doesn't do what I want!" *shoots it with desert eagle*