|
There are very few days at my old job where I was happier than when I found out we were migrating our websites to wpengine which has built in, literal 1-click, support for lets encrypt. Also, as a parting gift I set up our adfs ssl cert to use let’s encrypt
|
# ? Apr 29, 2021 15:47 |
|
|
# ? Mar 28, 2024 18:37 |
|
We run on-site DNS and using it is mandatory. They also refuse to provide api access to make the txt records, so lets encrypt is more of a chore than it's worth. Instead when we want ssl they spin off a new wildcard cert for whatever machine needs it.
|
# ? Apr 29, 2021 15:52 |
|
New job actually uses venafi for cert management and it has a terraform module so it’s been pretty painless
|
# ? Apr 29, 2021 15:54 |
Look I hate Sales dudes as much as anyone here, but sometimes people do really stupid poo poo. At my last photography job, some dude put his camera bag on the stove in his apartment--the same stove he left a burner on. Then he went to take a shower. He comes out when the smoke alarm goes off. Five grand in camera gear AND his kitchen, up in smoke.
|
|
# ? Apr 29, 2021 15:55 |
|
DelphiAegis posted: Is that because people do self-signed certs and are stupid and let them expire and such?

Yes. LetsEncrypt is a loving lifesaver.
|
# ? Apr 29, 2021 16:19 |
|
BlackBerry competing with HP Aruba for worst support this week. They just keep repeating cut-paste answers that aren't the solution, that they could check themselves if they looked at our account for 2 seconds. Aruba: "Sir this will not take your production network down" *wireless cuts out* "We were unable to fix the issue. Kindly set up another time for us to solve the case."
|
# ? Apr 29, 2021 16:29 |
|
Bob Morales posted: We keep a copy of our keepass database in a fire safe, on a USB drive, along with some hard drives and tapes.

I did this for his entertainment. Hidden partition or whatever. Found the USB drive on my desk with a note "Do it the way so I don't need PGP on my computer". Not sure on what that means.

Also, random update: The firmware we run on our Fortinet doesn't recognize user groups in Radius. We can upgrade, but that breaks the vpn service. Ugh.
|
# ? Apr 29, 2021 16:37 |
|
ConfusedUs posted: Look I hate Sales dudes as much as anyone here, but sometimes people do really stupid poo poo.

"Never attribute to malice what you can to stupidity" is my baseline here.
|
# ? Apr 29, 2021 17:14 |
|
Hopefully that place logs every incident to look for patterns, I know some places actively do that because a bunch of marketing/sales phones/laptops always conveniently break right after the latest model is announced. They always get greedy and can't stop themselves from continuing to do it.
|
# ? Apr 29, 2021 17:18 |
|
Boss makes a dollar, I make a dime. That's why I spike my company cell phone into concrete every fall.
|
# ? Apr 29, 2021 17:41 |
|
xzzy posted: Boss makes a dollar, I make a dime. That's why I spike my company cell phone into concrete every fall.

I feel like this flows better: Boss makes a dollar, I make gently caress all. That's why my work cell breaks every fall.
|
# ? Apr 29, 2021 18:25 |
|
kensei posted: I feel like this flows better:

My new job is sending me my laptop and phone this week since I start on Monday. I look forward to the unlimited data that corporate plans here have.
|
# ? Apr 29, 2021 20:01 |
|
Apparently a lot of Dell notebooks have some lovely fan that needs to be replaced. So I open a ticket and tell my boss that I won’t be working that much because the noise is driving me insane. She replies: oh, lots of people have that issue just call the help desk and they’ll give you the number to Dell and you get to book a technician to come visit. So I call help desk and they recognize the issue and tell me that they will add the number as a comment to the ticket and then I should call that number. Can I just have it now? No, you have to wait for someone to handle the ticket first. The dude on the phone even made sure to tell me it doesn’t matter who takes the ticket because everyone knows that it’s a common hardware error blah blah blah. That was before lunch today, and now it’s bed time. Still nothing in the ticket.
|
# ? Apr 29, 2021 21:08 |
|
The Fool posted: There are a bunch of use cases where lets encrypt isn’t practical or possible. Stuff like managing your own CA, or dealing with a 3rd party CA all have their own headaches.

But this is kind of the best part about it. It solves the extremely common and easy use cases before the complexity curve does that hard bend for all the stuff you're talking about.
|
# ? Apr 29, 2021 21:21 |
Bust my rear end to get a replacement MFP out, only to find out all the toners are drained and the ADF rollers are gone. I had to take the rollers from our own printer. Dude was mad because I don't have any toner to give him. Meanwhile, I'm wondering why I even bother getting up from my desk because there's an even chance going off to do work just digs a bigger hole and I'll still be a loser, just a tired loser.
|
|
# ? Apr 29, 2021 22:34 |
|
ConfusedUs posted: Look I hate Sales dudes as much as anyone here, but sometimes people do really stupid poo poo.

Phones are a big status symbol for Salespeople, and I've seen multiple corporate Blackberries mysteriously die in a short timeframe when they went out of vogue. The owners had a choice of replacement device and sure didn't want another Blackberry. There's a difference between "this is my livelihood" and "this is what I show off to the clients to feel cool and awesome".
|
# ? Apr 30, 2021 03:01 |
|
Neddy Seagoon posted: Phones are a big status symbol for Salespeople, and I've seen multiple corporate Blackberries mysteriously die in a short timeframe when they went out of vogue. The owners had a choice of replacement device and sure didn't want another Blackberry.

It's strange these days though, since every phone is an identical black rectangle
|
# ? Apr 30, 2021 03:11 |
|
zokie posted: Apparently a lot of Dell notebooks have some lovely fan that needs to be replaced. So I open a ticket and tell my boss that I won’t be working that much because the noise is driving me insane. She replies: oh, lots of people have that issue just call the help desk and they’ll give you the number to Dell and you get to book a technician to come visit.

You could just look up the support phone number on dell.com? Or you could probably just do a chat session there while browsing the forums, and not even have to spend time on the phone talking to a human.
|
# ? Apr 30, 2021 07:53 |
|
regulargonzalez posted: It's strange these days though, since every phone is an identical black rectangle

https://www.youtube.com/watch?v=aZVkW9p-cCU
|
# ? Apr 30, 2021 11:02 |
|
I'm deploying data recording software for another location. They have been given approval to buy whatever hardware I recommend to get the deployment done. Instrument management boxes that will format everything to the same output. They have boxes, but they are old and not the same as other locations. "Nope, our boxes work just fine. Why replace them" I tried to explain that by having all the instruments use the same output format, it makes things easier as every output format requires a different template. I get that nobody likes jerkoffs from another location telling them what to do. But why would you turn down lab upgrades that don't come out of your budget?
|
# ? Apr 30, 2021 14:23 |
|
joebuddah posted: I'm deploying data recording software for another location.

Because it works just fine and they don't like change.
|
# ? Apr 30, 2021 14:27 |
|
spending 12K/mo for the past year on synthetic ping checks for services in k8s

we're literally just checking to see if api.blah.blah.com/ping returns a 200... and have been spending to do so 10 times/min for like 20 different services
|
# ? May 3, 2021 15:07 |
|
That's one expensive ping-pong table.
|
# ? May 3, 2021 15:54 |
|
Azure Monitor can do basic stuff like that for almost free. I'm sure AWS has an equivalent but I only know the Azure one because a team deployed some apps with no monitoring and then got upset when they weren't being monitored.
|
# ? May 3, 2021 16:45 |
|
The Iron Rose posted: spending 12K/mo for the past year on synthetic ping checks for services in k8s

Could be worse, could be that your health checks have your micro services check in their dependent micro services health also so if one thing goes down everything just breaks in a big failure cascade and k8s never has a chance to like restart failing nodes. Or even better, some of the services might trigger exceptions in their health checks because of lazy backend programmers so now the first thing you need to do to see anything interesting in the log is to filter the 20k exceptions caused daily by the health check.
|
# ? May 3, 2021 20:04 |
|
I do infrastructure automation, why are you asking me to troubleshoot your maven build.
|
# ? May 3, 2021 20:52 |
|
Just a friendly reminder to USE A loving SERVICE ACCOUNT when you're deploying a new service. I've spent all day helping my team resolve a bunch of issues because a departing team member used their own account to set up LDAP binding for half a dozen services, which all broke after he left last week.
|
# ? May 3, 2021 21:38 |
|
Sirotan posted: Just a friendly reminder to USE A loving SERVICE ACCOUNT when you're deploying a new service. I've spent all day helping my team resolve a bunch of issues because a departing team member used their own account to set up LDAP binding for half a dozen services, which all broke after he left last week.

Ah, the proverbial last “gently caress you” of a departing employee.
|
# ? May 3, 2021 21:56 |
|
DoomTrainPhD posted: Ah, the proverbial last “gently caress you” of a departing employee.

I mean, that would be a masterful gently caress you if you did it intentionally on boxes that are difficult to troubleshoot and are 100% undocumented. Too bad 99% of these cases are because 'no documentation' and 'whatever creds I had handy that made it work' are the standard by which all IT projects are held to.
|
# ? May 3, 2021 22:04 |
|
zokie posted: Could be worse, could be that your health checks have your micro services check in their dependent micro services health also so if one thing goes down everything just breaks in a big failure cascade and k8s never has a chance to like restart failing nodes.

hahahahahaha we do exactly the same thing (except we don't tie k8s automation to synthetics failing, thank god), except the only automation our health checks do is trigger a pagerduty incident/post in slack, so at least it doesn't completely break a cluster.

Sirotan posted: Just a friendly reminder to USE A loving SERVICE ACCOUNT when you're deploying a new service. I've spent all day helping my team resolve a bunch of issues because a departing team member used their own account to set up LDAP binding for half a dozen services, which all broke after he left last week.

my old boss the IT director got fired because he refused to let us create a datadog service account for terraform automation because "it's a shared account!" and then gave us no path forward from it, even though the status quo was using an individual engineer's API key.
|
# ? May 3, 2021 22:09 |
|
Methylethylaldehyde posted: I mean, that would be a masterful gently caress you if you did it intentionally on boxes that are difficult to troubleshoot and are 100% undocumented. Too bad 99% of these cases are because 'no documentation' and 'whatever creds I had handy that made it work' are the standard by which all IT projects are held to.

The biggest gently caress you I ever gave to an ex job was to give them two weeks notice three months before the product was to be released. They ended up spending 250~k on a contract house to finish the product. All because they refused to give me a $40k raise from 80 to $120,000. I regret nothing.
|
# ? May 3, 2021 22:11 |
|
DoomTrainPhD posted: The biggest gently caress you I ever gave to an ex job was to give them two weeks notice three months before the product was to be released. They ended up spending 250~k on a contract house to finish the product. All because they refused to give me a $40k raise from 80 to $120,000. I regret nothing.

tbh they probably factored in that a 1 time lump sum would save over years of 120k
|
# ? May 3, 2021 22:30 |
|
Slumpy posted: tbh they probably factored in that a 1 time lump sum would save over years of 120k

You're giving them ENTIRELY too much credit. The cold calculus of business in this case was probably more like:

Doom: I'm knocking this project out of the park, and I want a fat 50% raise because of how great I am and by extension this project will be.
Bossman: Haha, no. Get back to work, that automatic money counter won't code itself.
Doom: You're right, it won't code itself. Here's my 2 weeks notice, I quit.
Bossman: How dare you? Why don't you have any loyalty? I paid you market rate! Market rate, you hear meeee?!?/???
|
# ? May 3, 2021 22:51 |
|
Methylethylaldehyde posted: You're giving them ENTIRELY too much credit. The cold calculus of business in this case was probably more like:

More like:

Doom: I'm knocking this project out of the park, and I want to be paid what I am worth. Here is what an embedded Linux engineer makes on average for the area.
Boss: Lol no, I can replace you in two weeks. (Yes, he said this.)
Doom: Fine, here's my two weeks notice, I found a company that will pay me $125,000/year.
Boss: poo poo! Fine! We will hand it over to the contract house, it's going to cost at least $100,000!
* A year passes *
Ex-Coworker/Friend during a lunch/catch up: Yeah, they released the product. The invoices for the contract house were over 250k. Also, we couldn't find a replacement for you until we set the position to 120k, he starts next month.
|
# ? May 3, 2021 23:45 |
|
does terraform not expose any way to manage the expiry/rotation time for secrets managed as code or am I missing something super obvious here. I would really like to mandate rotation windows in code and I'm shocked that even though this is totally supported in the API terraform has no support for it. I know I can accomplish this with Cloud KMS, but at that point I'm re-implementing secrets manager and that seems silly.
|
# ? May 3, 2021 23:54 |
|
DoomTrainPhD posted: More like:

Ok wow, I severely overestimated your boss' competence and underestimated how miserly he is. Isn't the rule of thumb for any project that involves code 6 months to get 100% up to speed on a more complex project?
|
# ? May 4, 2021 01:16 |
|
DoomTrainPhD posted: Ah, the proverbial last “gently caress you” of a departing employee.

Yeah, no, this was just incompetence/cowboy ITing. This guy was a real know-it-all rear end in a top hat who thought he was smarter than everybody else and thought of the services he managed as "his". No documentation, got defensive if anyone ever tried to make suggestions or point to best practices. With the exception of one change I found made last week everything else was months/years old. Can't say I'm sad he's gone.
|
# ? May 4, 2021 02:36 |
|
Methylethylaldehyde posted: Ok wow, I severely overestimated your boss' competence and underestimated how miserly he is. Isn't the rule of thumb for any project that involves code is 6 months to get 100% up to speed on a more complex project?

Yeah. He hosed himself royally and it's still funny to me every time I think about it. They did eventually release and have had 2 whole updates in a year because the new guy is apparently milking them for all they're worth.
|
# ? May 4, 2021 05:43 |
|
Documentation chat: At $AWFUL_JOB one of my colleagues (in a company of five people) set up a rather large network for a multi-site office. Multiple MPLS endpoints, routers, servers, IP PBX, wifi, everything. My job was post deploy support. I asked him for his documentation and he told me to check our wiki. The documentation was basically this: code:
So when my colleagues now push back on documentation, I don't give up an inch.
|
# ? May 4, 2021 13:22 |
|
Jerk McJerkface posted:
What more do you need?
|
# ? May 4, 2021 13:26 |