Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

MrBling posted:

https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c

that is some pretty impressive work and some fairly huge security holes in ticketing systems.

loving wow. Good on this guy, gently caress every company who doesn't immediately implement changes to fix the problem

Adbot
ADBOT LOVES YOU

Wibla
Feb 16, 2011

ChubbyThePhat posted:

The bike analogy is super good. I went a couple of years without really needing to touch network gear, then current job had be stand up a couple racks from nothing. Less relevant is that they were all ProCurves rather than Cisco. It's more that you learned the concepts and can apply that to what's in front of you than can remember every little detail.

This changes the farther up the cert chain you go, but I would hope if you got a CCIE that you deal with Cisco gear on the regular.
Yep. Having an understanding of the basic principles involved and being capable of reading man files / googling will get you through most things.

I do this a lot at work and apparently this blows some people's minds.

Super Slash posted:

Garbage duty really annoys me, like I'm not adverse to cleaning stuff up as I like a tidy workplace like anyone else but when IT is the one ordered to clean up for other people is pretty aggravating.
I'd simply say "you pay me too much to use me as a janitor".

Thanks Ants posted:

Please don't sit on a call and be so thick / ill prepared that every third word out of your mouth is an "uhhhhhhhhh". You sound like a loving Beavis and Butthead episode. Learn how to think about your next word without also making a noise, thanks.
So much this. Be prepared or do us all a favour and keep your trap shut until spoken to, then answer what you know and then continue shutting the gently caress up.

This goes for all kinds of meetings really, not just calls. I was in a meeting with like 12 people a couple of years ago where two engineers from the end customer and myself were the only ones really contributing anything of note, and we solved everything* on the meeting agenda in the first 15 minutes.
Then the rest of the chucklefucks had to go on for two more hours talking about useless poo poo because they had to use up the allotted time. I was ready to strangle someone towards the end.

*Control network architecture for a railroad tunnel + adjacent trackside service buildings with about 80-90 total network devices across 11 nearly identically built technical rooms, not exactly rocket science.

Thanks Ants
May 21, 2004

#essereFerrari


Judge Schnoopy posted:

loving wow. Good on this guy, gently caress every company who doesn't immediately implement changes to fix the problem

Agreed, very :monocle:

Edit: Lol of course the Microsoft acquisition (Yammer) never responded, they probably don't even know who they're meant to take the issue to.

Thanks Ants fucked around with this message at 20:29 on Sep 22, 2017

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

Judge Schnoopy posted:

loving wow. Good on this guy, gently caress every company who doesn't immediately implement changes to fix the problem

In the most Oracle voice imaginable: "Well they shouldn't be trying to break into the system anyway!"

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
loving macbook air screws

Had to swap a harddrive from a broken system to a new one.

Turns out buddy actually managed to break the thunderbolt port. I have absolutely no idea how, but display out was hosed, it wasn't the refresh rate, cleared PRAM and SMC, safe mode, the admin account. Happened to every monitor and TV I connected it to regardless of input method, and a known good system was fine on all of them.

Like it's a one in a million failure but I legitimately have no idea what else it could be other than hardware.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




The Iron Rose posted:

Like it's a one in a million failure but I legitimately have no idea what else it could be other than hardware.

Yeah, probably hardware. I've replaced system boards for that.

And those are pentalobes holding the thing together. I have a small Tekton socket set for when I need to open a pre-2016 Mac laptop.

Antioch
Apr 18, 2003
The vendor is in Ontario. They are on EST. We are in Alberta, on MST. I can email and call them until my fingers bleed, but they aren't going to answer because it's past close of business. Getting lovely with me over email isn't going to help anyone. AND you're supposed to be on vacation, boss dude. Go spend time with your wife for christ's sake. Throw the blackberry in the goddamn ocean.

Sickening
Jul 16, 2007

Black summer was the best summer.
Ipsec tunnels to Azure are either incredibly easy or headache inducing depending on which firewall provider you are using.

gently caress you palo alto. gently caress you.

fist4jesus
Nov 24, 2002

wolrah posted:

Two things that stand out to me here:

1. Why would your TV have been at 192.168.1.1 in the first place?
2. If you're using 192.168.1.x internally, why would your router be passing the traffic outside far enough for the ISP's hardware to even have a chance to see it?

I said tv out pc. Why wouldn't I use 192.168 for my internal lan? And how is it that I'm the problem, as opposed to their routing? No amount of hosed up config on my side should ever land me on their device on that range.

I was running pppoe + dhcp internally, with my tv out box and a few other hardcoded on a dinky residential grade dsl modem.
No fancy routing or settings. Username, password, encapsulation, mtu, dhcp pool, very basic stuff.

I'd love to hear why you think this was my/user error.

Edit: Yes. Company supplied device. Netcomm from memory.
And about 6 hours after I called them it was resolved. No config was changed before or after on my side.

fist4jesus fucked around with this message at 23:33 on Sep 22, 2017

The Fool
Oct 16, 2003


My coworker is getting in the way of my efforts to automate everything.

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.
[quote="“mllaneza”" post="“476662394”"]
Yeah, probably hardware. I’ve replaced system boards for that.

And those are pentalobes holding the thing together. I have a small Tekton socket set for when I need to open a pre-2016 Mac laptop.
[/quote]

The last set of tools I got either strip the screws or get stripped themselves. I swear Apple intentionally puts a few soft metal screws in there to gently caress with people.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.

The Fool posted:

My coworker is getting in the way of my efforts to automate everything.

Automate your coworker. :science:

Wibla
Feb 16, 2011

The Fool posted:

My coworker is getting in the way of my efforts to automate everything.

You should read some BOFH :black101:

Or maybe not :ohdear:

The Fool
Oct 16, 2003


We are currently in the process of migrating to a new HCM SaaS tool. I'm taking the opportunity to automate as much of the user onboarding and termination process as I can. I'm just about finished with the AD stuff. User is created on hire, user is disabled on termination date. User information (phone number, department, manager, address, etc.) are all updated in AD automatically if changed in the HCM tool. This is all cool and good, and has been a fun project to work on.

I wanted to automate mailbox creation and license assignment, but O365 is my coworkers domain, and he has been resistant.

Proteus Jones
Feb 28, 2013



MrBling posted:

https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c

that is some pretty impressive work and some fairly huge security holes in ticketing systems.

LOL

quote:

Large companies have no clue what their employees are doing. I discussed this flaw a CISO of a giant payment processing company. He assured me this wouldn’t be a problem, as their employees weren’t supposed to communicate through Slack. They had their own intranet set up to handle these things. I proved him wrong by joining 8 rogue Slack channels actively used by 332 employees all around the globe. I ended up getting a $5,000 bounty for it.

Ursine Catastrophe
Nov 9, 2009

It's a lovely morning in the void and you are a horrible lady-in-waiting.



don't ask how i know

Dinosaur Gum

Yeah turns out sometimes workers want to communicate with each other in a sane fashion even if the c-levels have horribly backwards and wrong-headed ideas about what "sane" means in TYOOL 2017, whoops

MC Fruit Stripe
Nov 26, 2002

around and around we go
Your employees aren't brainless. Give them the tool they need or they'll just get it themselves, and you may not always like how they do it.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

MC Fruit Stripe posted:

Your employees aren't brainless. Give them the tool they need or they'll just get it themselves, and you may not always like how they do it.
This is why your users still use the consumer version of Dropbox et al.

MC Fruit Stripe
Nov 26, 2002

around and around we go

anthonypants posted:

This is why your users still use the consumer version of Dropbox et al.
This is too true. Next time you get upset because you find a rogue piece of software on a user's computer, think about what they're trying to accomplish and consider that it's because your department isn't providing it for them. Users care more about managing their own workload than IT policy (a policy which can often seem like arbitrary 'because I said so' decisions to a user).

Ursine Catastrophe
Nov 9, 2009

It's a lovely morning in the void and you are a horrible lady-in-waiting.



don't ask how i know

Dinosaur Gum

MC Fruit Stripe posted:

This is too true. Next time you get upset because you find a rogue piece of software on a user's computer, think about what they're trying to accomplish and consider that it's because your department isn't providing it for them. Users care more about managing their own workload than IT policy (a policy which can often seem like arbitrary 'because I said so' decisions to a user).

Not in IT now but back when I was a combo T1/dev they would have been preaching to the choir. I had a particular usb key (which may or may not have had a bottle opener and a familiar grenade logo) with a bunch of standalone PuTTY/Firefox/Vim/Windows tools on it because my job thought "if you're coding then notepad is good enough, and if you're on the internet IE is good enough, also stack overflow is a banned site".

Proteus Jones
Feb 28, 2013



Ursine Catastrophe posted:

Not in IT now but back when I was a combo T1/dev they would have been preaching to the choir. I had a particular usb key (which may or may not have had a bottle opener and a familiar grenade logo) with a bunch of standalone PuTTY/Firefox/Vim/Windows tools on it because my job thought "if you're coding then notepad is good enough, and if you're on the internet IE is good enough, also stack overflow is a banned site".

I know this goes against the grain for most people here, but my boss finally said to the corp IT teams "Listen, you guys are slow at times getting us what we need on our systems it's killing us, this poo poo needs to change. And I realize because our needs change from project to project it can get a little frustrating for you guys to support our group."

Finally we came up with some compromises.
  • We've been carved out of the corporate VLANs and access any corporate resources through VPN or restricted links back into corp proper.
  • We have our own infrastructure team that manages both our production stuff for interacting with customers and also for our DEV and UAT environments for the various projects that may be in flight
  • And (this was the big one) our senior SME team has Local Admin on our personal systems. While corporate still manages any mandated agents and clients (like AV, backups, and whatnot), we have an understanding with the corporate team that any issues or complaints will likely be dealt with a flatten and restore of the laptop/workstation.
We've been doing this for a few years now, and it's worked quite well. Our ticket volume submitted to corp IT has dropped to almost nothing, and we don't end up idling (sometimes for days) waiting for a non critical ticket to be resolved. I think I can count on one hand the number of times we've needed to wipe and restore one of our systems in that time. One of the big reasons this worked for my specific group is we haven't abused this set up.

I'm not saying this should be adopted by everyone or that this would even work for everyone, but as said by Fruit, Anthonypants and Ursine here sometimes there are needs for the exception.

Proteus Jones fucked around with this message at 10:53 on Sep 23, 2017

Corsair Pool Boy
Dec 17, 2004
College Slice

bull3964 posted:

Trying to convince our NOC personnel that I don't give a flying gently caress about CPU alerts on our back end data processing DB server. It will either be idle or bouncing off 100% for hours on end and the workloads are ad hoc. There is no way to configure CPU alert thresholds to tell me anything useful. I.DONT.CARE. and I will never take action on any of those alerts. There's no point in generating them.

We get a lot of these in my (MSP) NOC. CPU/memory utilization alerts that trigger after 15 minutes of being over 90 or 95% "Yeah, the Veeam servers are going to be using all their resources at night, why do you keep notifying us?". My absolute favorite are the high RPC latency alerts we get on these 8-10 year old SBS servers trying to run Exchange, various SQL tasks, and god knows what else. I've suggested maybe adjusting the threshold or length of time at that level before alerting, but we still get 'em. I've learned to sit on most of that stuff until the end of my shift, and only if they're still alerting at that point do I notify our customer or the internal team about it.



Bigass Moth posted:

Very early in my career I spoke with a Cisco TAC guy in India who had two CCIEs (Voice and Security, hilariously different paths), 3 years of experience, and who could not help me set up a certificate on a router.

In fairness to that guy, I'm pretty sure only a handful of them have been taught how to do that. We wound up with a customer and one of our engineers onsite for about 4 hours on a Saturday, and then a few more on Sunday, because Cisco provided no fewer than five incorrect certs for the replacement router. I was getting frustrated, I can't imagine what the dude onsite was feeling. This was after the new router had an attempted delivery an hour earlier than scheduled on Saturday, so no one was there to accept delivery, forcing a reschedule several hours later while the peeps onsite stood around. I've not had many good experiences with Cisco and RMAs.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Ursine Catastrophe posted:

if you're coding then notepad is good enough

Ignoring how you didn't collapse into a black hole from indignant rage, how did you not quit on the spot?

MC Fruit Stripe
Nov 26, 2002

around and around we go

Proteus Jones posted:

I know this goes against the grain for most people here, but my boss finally said to the corp IT teams "Listen, you guys are slow at times getting us what we need on our systems it's killing us, this poo poo needs to change. And I realize because our needs change from project to project it can get a little frustrating for you guys to support our group."

Finally we came up with some compromises.
  • We've been carved out of the corporate VLANs and access any corporate resources through VPN or restricted links back into corp proper.
  • We have our own infrastructure team that manages both our production stuff for interacting with customers and also for our DEV and UAT environments for the various projects that may be in flight
  • And (this was the big one) our senior SME team has Local Admin on our personal systems. While corporate still manages any mandated agents and clients (like AV, backups, and whatnot), we have an understanding with the corporate team that any issues or complaints will likely be dealt with a flatten and restore of the laptop/workstation.
We've been doing this for a few years now, and it's worked quite well. Our ticket volume submitted to corp IT has dropped to almost nothing, and we don't end up idling (sometimes for days) waiting for a non critical ticket to be resolved. I think I can count on one hand the number of times we've needed to wipe and restore one of our systems in that time. One of the big reasons this worked for my specific group is we haven't abused this set up.

I'm not saying this should be adopted by everyone or that this would even work for everyone, but as said by Fruit, Anthonypants and Ursine here sometimes there are needs for the exception.
This is, to the letter, the same issue we face with our corp IT. I'm always amazed when I end up battling corporate IT over something. We're on the same team my dude, we could sit around for hours bullshitting about how we face the same issues and laugh about the absurdities of life in IT, but instead we have to work against each other? Drives me crazy.

Our situation is the same as yours, in that corporate IT has no access to any of our systems. But the few times we do cross paths, it's pulling teeth. A specific example is that the corporate mail server started rejecting our production alerts. Instead of getting together to fix it, they instead went with an attitude that was barely better than "you're lucky we let you send email at all". We had to escalate to the CIO so that he could delegate it back down that side of the org chart that yeah no you're going to be fixing this issue right now. I've posted about it before, but territorial pissing matches are the dumbest thing. Why do people have to win, instead of doing the right thing?

Thanks Ants
May 21, 2004

#essereFerrari


Why would Google build a tool (Vault) to retain G Suite data for a predetermined length of time, if deleting the underlying account removes all the content from Vault after 30 days?

I mean obviously the answer is :10bux: :10bux: but it's irritating.

Thanks Ants fucked around with this message at 17:56 on Sep 24, 2017

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

Thanks Ants posted:

Why would Google build a tool (Vault) to retain G Suite data for a predetermined length of time, if deleting the underlying account removes all the content from Vault after 30 days?

I mean obviously the answer is :10bux: :10bux: but it's irritating.

The EU has actual proper laws regarding online privacy and data retention of deleted accounts that Google has to comply with.

Ursine Catastrophe
Nov 9, 2009

It's a lovely morning in the void and you are a horrible lady-in-waiting.



don't ask how i know

Dinosaur Gum

Volmarias posted:

Ignoring how you didn't collapse into a black hole from indignant rage, how did you not quit on the spot?

Entry level first jobs are a hell of a drug. Long story short the position was "supposed" to be T1 Helpdesk but they had levered 'website dev' into it at some point before I got there, when that consisted of 'transcribing the newsletter onto a static html page', and hadn't had anyone push back on their local desktop restrictions. They were stil "discussing" opening it up a year later when I left.

Thanks Ants
May 21, 2004

#essereFerrari


It's very frustrating working with people who are only used to working with poo poo-tier networking hardware, and see a reboot as the first troubleshooting step. Thanks, now you've made people suspicious of the quality of the thing in the first place, as well as wiped out a lot of useful logs that might have helped troubleshoot any problems.

Proteus Jones
Feb 28, 2013



Thanks Ants posted:

It's very frustrating working with people who are only used to working with poo poo-tier networking hardware, and see a reboot as the first troubleshooting step. Thanks, now you've made people suspicious of the quality of the thing in the first place, as well as wiped out a lot of useful logs that might have helped troubleshoot any problems.

There was a client of ours that had about 1500 retail locations or so. We needed to <something, can't remember exactly what> and push to all locations.

:eng101: We suggest using $TIME since that will give us the largest window
:byodood: OK!
:byodood: Oh, by the way, we're rebooting the Cisco routers and switches at the stores at that time!
:eng101: ...uh, then...
:eng101: we can schedule it for the next week, no problems. It's not urgent.
:byodood: These are *weekely* reboots!

They power-cycled their Cisco routers and switch on a weekly basis.

Weekly. Basis.

Thanks Ants
May 21, 2004

#essereFerrari


Azure AD App Proxy looks cool, can finally kick VPN to the kerb for this one app that's being phased out anyway.

Oh look, it's a Microsoft product and doesn't run on Server Core. Seriously guys, this is getting ridiculous.

Collateral Damage
Jun 13, 2009

Proteus Jones posted:

They power-cycled their Cisco routers and switch on a weekly basis.

Weekly. Basis.
On the upside it trains people to always commit their changes to flash.

nexus6
Sep 2, 2011

If only you could see what I've seen with your eyes
So one of my colleagues, either by accident of incompetence, deleted/corrupted all of the databases on our local development sever. All 75 of them.

The solution that she came up with, and that our director is somehow happy with, was to wipe it clean and say "individual database backups can be found <here>, you can restore them as you need them"

Collateral Damage
Jun 13, 2009

I approve of his unorthodox way of solving the data hoarding problem.

I'm betting that in six months you'll find that only about half of those databases have been restored and the rest weren't actually needed.

Virigoth
Apr 28, 2009

Corona rules everything around me
C.R.E.A.M. get the virus
In the ICU y'all......



Collateral Damage posted:

I approve of his unorthodox way of solving the data hoarding problem.

I'm betting that in six months you'll find that only about half of those databases have been restored and the rest weren't actually needed.

I'd set a calendar reminder for 30 days and claim a big win by cleaning up all the unused databases.

stevewm
May 10, 2005
In the middle of building and opening a new branch location... CEO announces we have acquired an existing store, and it needs to be converted over to our EDI system by Nov. 1st. /bhod

wolrah
May 8, 2006
what?
Starting my day pissed off...

The company I work for opens at 9 AM, and I work from home, so my alarm goes off at 8:30.

7:45 this morning my cell phone is ringing and it's a customer. I don't answer direct calls from customers to my cell phone unless I have reason to be expecting them, so I silence it and put my head back down.

8 AM rolls around and my phone's ringing again, this time it's the emergency on-call queue. I answer it and unsurprisingly it's the same customer from earlier. I ask what her emergency is and she tells me her home iMac is acting weird and she wants to schedule us to come out and take a look at it.

I remind her she called the emergency line, tell her I can't check the schedule from where I was (technically true, since I was in bed and my laptop was out of reach), and ask her to call back when we're open. I then give up on trying to get that last 20 minutes of sleep and start my morning routine a bit earlier than usual.


Apparently between calling my cell and calling the emergency queue she also called both my boss and our other tech directly, and my boss called her back, where she then had the nerve to complain about me not being helpful.

Collateral Damage
Jun 13, 2009

Today I learn there are people who don't have their phones on DND at night.

Neddy Seagoon
Oct 12, 2012

"Hi Everybody!"

Collateral Damage posted:

Today I learn there are people who don't have their phones on DND at night.

Well look at Mister Fancy-Pants who never has to cover on-call :colbert:.

Virigoth
Apr 28, 2009

Corona rules everything around me
C.R.E.A.M. get the virus
In the ICU y'all......



Neddy Seagoon posted:

Well look at Mister Fancy-Pants who never has to cover on-call :colbert:.

I have DnD on for my phone and only allow PagerDuty through for being on-call. It keeps rogue numbers from calling me and if someone pages me with bullshit I can document my rage appropriately.

Adbot
ADBOT LOVES YOU

wolrah
May 8, 2006
what?

Collateral Damage posted:

Today I learn there are people who don't have their phones on DND at night.
I have my phone set to allow personal contacts to call through DND, and apparently I forgot to choose the work account when adding this person. Fixed that.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply