The Fool
Oct 16, 2003


There are very few days at my old job where I was happier than when I found out we were migrating our websites to wpengine, which has built-in, literal 1-click support for Let's Encrypt.



Also, as a parting gift I set up our adfs ssl cert to use let’s encrypt


xzzy
Mar 5, 2009

We run on-site DNS and using it is mandatory. They also refuse to provide api access to make the txt records, so lets encrypt is more of a chore than it's worth.

Instead when we want ssl they spin off a new wildcard cert for whatever machine needs it. :downs:

The Fool
Oct 16, 2003


New job actually uses venafi for cert management and it has a terraform module so it’s been pretty painless

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!





Look I hate Sales dudes as much as anyone here, but sometimes people do really stupid poo poo.

At my last photography job, some dude put his camera bag on the stove in his apartment--the same stove he left a burner on. Then he went to take a shower.

He comes out when the smoke alarm goes off. Five grand in camera gear AND his kitchen, up in smoke.

dragonshardz
May 2, 2017

DelphiAegis posted:

Is that because people do self-signed certs and are stupid and let them expire and such?

Yes.

LetsEncrypt is a loving lifesaver.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

BlackBerry competing with HP Aruba for worst support this week.

They just keep repeating cut-paste answers that aren't the solution, that they could check themselves if they looked at our account for 2 seconds.

Aruba: "Sir this will not take your production network down"

*wireless cuts out*

"We were unable to fix the issue. Kindly set up another time for us to solve the case."

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Bob Morales posted:

We keep a copy of our keepass database in a fire safe, on a USB drive, along with some hard drives and tapes.

The keepass file is of course encrypted. We're going to put it in another file, and encrypt that.

Because "if someone found a USB drive with a keepass file on it, they would try to crack the password or upload it to the dark web"

I did this for his entertainment. Hidden partition or whatever.

Found the USB drive on my desk with a note "Do it the way so I don't need PGP on my computer"

Not sure on what that means

Also, random update:

The firmware we run on our Fortinet doesn't recognize user groups in Radius. We can upgrade, but that breaks the vpn service. Ugh.

Raerlynn
Oct 28, 2007

Sorry I'm late, I'm afraid I got lost on the path of life.

ConfusedUs posted:

Look I hate Sales dudes as much as anyone here, but sometimes people do really stupid poo poo.

At my last photography job, some dude put his camera bag on the stove in his apartment--the same stove he left a burner on. Then he went to take a shower.

He comes out when the smoke alarm goes off. Five grand in camera gear AND his kitchen, up in smoke.

"Never attribute to malice what you can to stupidity" is my baseline here.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Hopefully that place logs every incident to look for patterns, I know some places actively do that because a bunch of marketing/sales phones/laptops always conveniently break right after the latest model is announced. They always get greedy and can't stop themselves from continuing to do it.

xzzy
Mar 5, 2009

Boss makes a dollar, I make a dime. That's why I spike my company cell phone into concrete every fall.

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!


xzzy posted:

Boss makes a dollar, I make a dime. That's why I spike my company cell phone into concrete every fall.

I feel like this flows better:

Boss makes a dollar, I make gently caress all.
That's why my work cell breaks every fall.

Sprechensiesexy
Dec 26, 2010

by Jeffrey of YOSPOS

kensei posted:

I feel like this flows better:

Boss makes a dollar, I make gently caress all.
That's why my work cell breaks every fall.

:hmmyes:

My new job is sending me my laptop and phone this week since I start on Monday. I look forward to the unlimited data that corporate plans here have.

zokie
Feb 13, 2006

Out of many, Sweden
Apparently a lot of Dell notebooks have some lovely fan that needs to be replaced. So I open a ticket and tell my boss that I won’t be working that much because the noise is driving me insane. She replies: oh, lots of people have that issue, just call the help desk and they’ll give you the number to Dell and you get to book a technician to come visit.

So I call help desk and they recognize the issue and tell me that they will add the number as a comment to the ticket and then I should call that number. Can I just have it now? No, you have to wait for someone to handle the ticket first. The dude on the phone even made sure to tell me it doesn’t matter who takes the ticket because everyone knows that it’s a common hardware error blah blah blah.

That was before lunch today, and now it’s bed time. Still nothing in the ticket.

AlternateAccount
Apr 25, 2005
FYGM

The Fool posted:

There are a bunch of use cases where lets encrypt isn’t practical or possible. Stuff like managing your own CA, or dealing with a 3rd party CA all have their own headaches.

But this is kind of the best part about it. It solves the extremely common and easy use cases before the complexity curve does that hard bend for all the stuff you're talking about.

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.
Bust my rear end to get a replacement MFP out, only to find out all the toners are drained and the ADF rollers are gone. I had to take the rollers from our own printer.

Dude was mad because I don't have any toner to give him.

Meanwhile, I'm wondering why I even bother getting up from my desk because there's an even chance going off to do work just digs a bigger hole and I'll still be a loser, just a tired loser.

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

ConfusedUs posted:

Look I hate Sales dudes as much as anyone here, but sometimes people do really stupid poo poo.

At my last photography job, some dude put his camera bag on the stove in his apartment--the same stove he left a burner on. Then he went to take a shower.

He comes out when the smoke alarm goes off. Five grand in camera gear AND his kitchen, up in smoke.

Phones are a big status symbol for Salespeople, and I've seen multiple corporate Blackberries mysteriously die in a short timeframe when they went out of vogue. The owners had a choice of replacement device and sure didn't want another Blackberry.

There's a difference between "this is my livelihood" and "this is what I show off to the clients to feel cool and awesome".

regulargonzalez
Aug 18, 2006
UNGH LET ME LICK THOSE BOOTS DADDY HULU ;-* ;-* ;-* YES YES GIVE ME ALL THE CORPORATE CUMMIES :shepspends: :shepspends: :shepspends: ADBLOCK USERS DESERVE THE DEATH PENALTY, DON'T THEY DADDY?
WHEN THE RICH GET RICHER I GET HORNIER :a2m::a2m::a2m::a2m:

Neddy Seagoon posted:

Phones are a big status symbol for Salespeople, and I've seen multiple corporate Blackberries mysteriously die in a short timeframe when they went out of vogue. The owners had a choice of replacement device and sure didn't want another Blackberry.

There's a difference between "this is my livelihood" and "this is what I show off to the clients to feel cool and awesome".

It's strange these days though, since every phone is an identical black rectangle

evobatman
Jul 30, 2006

it means nothing, but says everything!
Pillbug

zokie posted:

Apparently a lot of Dell notebooks have some lovely fan that needs to be replaced. So I open a ticket and tell my boss that I won’t be working that much because the noise is driving me insane. She replies: oh, lots of people have that issue, just call the help desk and they’ll give you the number to Dell and you get to book a technician to come visit.

So I call help desk and they recognize the issue and tell me that they will add the number as a comment to the ticket and then I should call that number. Can I just have it now? No, you have to wait for someone to handle the ticket first. The dude on the phone even made sure to tell me it doesn’t matter who takes the ticket because everyone knows that it’s a common hardware error blah blah blah.

That was before lunch today, and now it’s bed time. Still nothing in the ticket.

You could just look up the support phone number on dell.com? Or you could probably just do a chat session there while browsing the forums, and not even have to spend time on the phone talking to a human.

KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


regulargonzalez posted:

It's strange these days though, since every phone is an identical black rectangle

https://www.youtube.com/watch?v=aZVkW9p-cCU

joebuddah
Jan 30, 2005
I'm deploying data recording software for another location.

They have been given approval to buy whatever hardware I recommend to get the deployment done.

Instrument management boxes that will format everything to the same output. They have boxes, but they are old and not the same as other locations.
"Nope, our boxes work just fine. Why replace them?"
I tried to explain by having all the instruments use the same output format, it makes things easier as every output format requires a different template.

I get that nobody likes jerkoffs from another location telling them what to do. But why would you turn down lab upgrades that don't come out of your budget

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

joebuddah posted:

I'm deploying data recording software for another location.

They have been given approval to buy whatever hardware I recommend to get the deployment done.

Instrument management boxes that will format everything to the same output. They have boxes, but they are old and not the same as other locations.
"Nope, our boxes work just fine. Why replace them?"
I tried to explain by having all the instruments use the same output format, it makes things easier as every output format requires a different template.

I get that nobody likes jerkoffs from another location telling them what to do. But why would you turn down lab upgrades that don't come out of your budget

Because it works just fine and they don't like change :corsair:.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
spending 12K/mo for the past year on synthetic ping checks for services in k8s

we're literally just checking to see if api.blah.blah.com/ping returns a 200... and have been spending :20bux::20bux::20bux: to do so 10 times/min for like 20 different services :argh:

TheParadigm
Dec 10, 2009

That's one expensive ping-pong table.

Thanks Ants
May 21, 2004

#essereFerrari


Azure Monitor can do basic stuff like that for almost free. I'm sure AWS has an equivalent but I only know the Azure one because a team deployed some apps with no monitoring and then got upset when they weren't being monitored.

zokie
Feb 13, 2006

Out of many, Sweden

The Iron Rose posted:

spending 12K/mo for the past year on synthetic ping checks for services in k8s

we're literally just checking to see if api.blah.blah.com/ping returns a 200... and have been spending :20bux::20bux::20bux: to do so 10 times/min for like 20 different services :argh:

Could be worse, could be that your health checks have your micro services check in their dependent micro services health also so if one thing goes down everything just breaks in a big failure cascade and k8s never has a chance to like restart failing nodes.

Or even better, some of the services might trigger exceptions in their health checks because of lazy backend programmers so now the first thing you need to do to see anything interesting in the log is to filter the 20k exceptions caused daily by the health check. :commissar:

The Fool
Oct 16, 2003


I do infrastructure automation, why are you asking me to troubleshoot your maven build.

:bang:

Sirotan
Oct 17, 2006

Sirotan is a seal.


Just a friendly reminder to USE A loving SERVICE ACCOUNT when you're deploying a new service. I've spent all day helping my team resolve a bunch of issues because a departing team member used their own account to set up LDAP binding for half a dozen services, which all broke after he left last week.

FlapYoJacks
Feb 12, 2009

Sirotan posted:

Just a friendly reminder to USE A loving SERVICE ACCOUNT when you're deploying a new service. I've spent all day helping my team resolve a bunch of issues because a departing team member used their own account to set up LDAP binding for half a dozen services, which all broke after he left last week.

Ah, the proverbial last “gently caress you” of a departing employee. :allears:

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

DoomTrainPhD posted:

Ah, the proverbial last “gently caress you” of a departing employee. :allears:

I mean, that would be a masterful gently caress you if you did it intentionally on boxes that are difficult to troubleshoot and are 100% undocumented. Too bad 99% of these cases are because 'no documentation' and 'whatever creds I had handy that made it work' are the standard by which all IT projects are held to.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

zokie posted:

Could be worse, could be that your health checks have your micro services check in their dependent micro services health also so if one thing goes down everything just breaks in a big failure cascade and k8s never has a chance to like restart failing nodes.

Or even better, some of the services might trigger exceptions in their health checks because of lazy backend programmers so now the first thing you need to do to see anything interesting in the log is to filter the 20k exceptions caused daily by the health check. :commissar:

hahahahahaha we do exactly the same thing (except we don't tie k8s automation to synthetics failing, thank god), except the only automation our health checks do is trigger a pagerduty incident/post in slack, so at least it doesn't completely break a cluster.


Sirotan posted:

Just a friendly reminder to USE A loving SERVICE ACCOUNT when you're deploying a new service. I've spent all day helping my team resolve a bunch of issues because a departing team member used their own account to set up LDAP binding for half a dozen services, which all broke after he left last week.

my old boss the IT director got fired because he refused to let us create a datadog service account for terraform automation because "it's a shared account!" and then gave us no path forward from it, even though the status quo was using an individual engineer's API key.

FlapYoJacks
Feb 12, 2009

Methylethylaldehyde posted:

I mean, that would be a masterful gently caress you if you did it intentionally on boxes that are difficult to troubleshoot and are 100% undocumented. Too bad 99% of these cases are because 'no documentation' and 'whatever creds I had handy that made it work' are the standard by which all IT projects are held to.

The biggest gently caress you I ever gave to an ex job was to give them two weeks notice three months before the product was to be released. They ended up spending 250~k on a contract house to finish the product. All because they refused to give me a $40k raise from 80 to $120,000. I regret nothing.

Slumpy
Jun 10, 2008

DoomTrainPhD posted:

The biggest gently caress you I ever gave to an ex job was to give them two weeks notice three months before the product was to be released. They ended up spending 250~k on a contract house to finish the product. All because they refused to give me a $40k raise from 80 to $120,000. I regret nothing.

tbh they probably factored in that a 1 time lump sum would save over years of 120k

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Slumpy posted:

tbh they probably factored in that a 1 time lump sum would save over years of 120k

You're giving them ENTIRELY too much credit. The cold calculus of business in this case was probably more like:

Doom: I'm knocking this project out of the park, and I want a fat 50% raise because of how great I am and by extension this project will be.
Bossman: Haha, no. Get back to work, that automatic money counter won't code itself.
Doom: You're right, it won't code itself. Here's my 2 weeks notice, I quit.
Bossman: How dare you? Why don't you have any loyalty? I paid you market rate! Market rate, you hear meeee?!?/???

FlapYoJacks
Feb 12, 2009

Methylethylaldehyde posted:

You're giving them ENTIRELY too much credit. The cold calculus of business in this case was probably more like:

Doom: I'm knocking this project out of the park, and I want a fat 50% raise because of how great I am and by extension this project will be.
Bossman: Haha, no. Get back to work, that automatic money counter won't code itself.
Doom: You're right, it won't code itself. Here's my 2 weeks notice, I quit.
Bossman: How dare you? Why don't you have any loyalty? I paid you market rate! Market rate, you hear meeee?!?/???

More like:

Doom: I'm knocking this project out of the park, and I want to be paid what I am worth. Here is what an embedded Linux engineer makes on average for the area.
Boss: Lol no, I can replace you in two weeks. (Yes, he said this.)
Doom: Fine, here's my two weeks notice, I found a company that will pay me $125,000/year.
Boss: poo poo! Fine! We will hand it over to the contract house, it's going to cost at least $100,000!

* A year passes *

Ex-Coworker/Friend during a lunch/catch up: Yeah, they released the product. The invoices for the contract house were over 250k. Also, we couldn't find a replacement for you until we set the position to 120k, he starts next month.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
does terraform not expose any way to manage the expiry/rotation time for secrets managed as code or am I missing something super obvious here.

I would really like to mandate rotation windows in code and I'm shocked that even though this is totally supported in the API terraform has no support for it.

I know I can accomplish this with Cloud KMS, but at that point I'm re-implementing secrets manager and that seems silly.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

DoomTrainPhD posted:

More like:

Doom: I'm knocking this project out of the park, and I want to be paid what I am worth. Here is what an embedded Linux engineer makes on average for the area.
Boss: Lol no, I can replace you in two weeks. (Yes, he said this.)
Doom: Fine, here's my two weeks notice, I found a company that will pay me $125,000/year.
Boss: poo poo! Fine! We will hand it over to the contract house, it's going to cost at least $100,000!

* A year passes *

Ex-Coworker/Friend during a lunch/catch up: Yeah, they released the product. The invoices for the contract house were over 250k. Also, we couldn't find a replacement for you until we set the position to 120k, he starts next month.

Ok wow, I severely overestimated your boss' competence and underestimated how miserly he is. Isn't the rule of thumb for any project that involves code 6 months to get 100% up to speed on a more complex project?

Sirotan
Oct 17, 2006

Sirotan is a seal.


DoomTrainPhD posted:

Ah, the proverbial last “gently caress you” of a departing employee. :allears:

Yeah, no, this was just incompetence/cowboy ITing. This guy was a real know-it-all rear end in a top hat who thought he was smarter than everybody else and thought of the services he managed as "his". No documentation, got defensive if anyone ever tried to make suggestions or point to best practices. With the exception of one change I found made last week everything else was months/years old.

Can't say I'm sad he's gone.

FlapYoJacks
Feb 12, 2009

Methylethylaldehyde posted:

Ok wow, I severely overestimated your boss' competence and underestimated how miserly he is. Isn't the rule of thumb for any project that involves code 6 months to get 100% up to speed on a more complex project?

Yeah. He hosed himself royally and it's still funny to me every time I think about it. They did eventually release and have had 2 whole updates in a year because the new guy is apparently milking them for all they're worth. :allears:

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat
Documentation chat:

At $AWFUL_JOB one of my colleagues (in a company of five people) set up a rather large network for a multi-site office. Multiple MPLS endpoints, routers, servers, IP PBX, wifi, everything. My job was post deploy support.

I asked him for his documentation and he told me to check our wiki. The documentation was basically this:

code:
Company Network

IP: 142.213.123.123
 Router: 192.168.1.1
 Netmask: 255


When I asked him if that was it, he said yes, that was it, but it was enough for him. And if he did document it, I wouldn't understand it anyways.


So when my colleagues now push back on documentation, I don't give up an inch.


Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Jerk McJerkface posted:

code:
Company Network

IP: 142.213.123.123
 Router: 192.168.1.1
 Netmask: 255



What more do you need?
