|
I have to do a ppt presentation about how a bunch of our kit got owned (basically, they put it on the internet with an all lowercase dictionary word as the password) and what we need to do to fix it, and where to go long term. I've been saying for a while that the way the kit is set up is crap and they need to do something about it, it's fallen on deaf ears until the ISP started disconnecting lines. Been trying to find out for a week who is actually going to be at the thing, so I can figure out what sort of level of information to present, and gotten no-where until tonight. I have to leave tomorrow afternoon to get to where the meeting is. Turns out that the skill levels of the people range from a senior infrastructure engineer at head office who is actually a very competent networking person but knows absolutely gently caress all about our project, to our project manager, his boss and his bosses boss, who know the project very well but likely still have home router SSIDs called "linksys", and some of the installation engineers who are literally blokes who drive around in a van, install these things and know gently caress all about computing. So I guess I'm going to bore the infrastructure guy to death now as I explain stuff he almost certainly already knows, such as why the ones behind NAT didn't get owned and why relying on that is still a terrible idea.
|
#
¿
Nov 10, 2014 19:45
|
|
|
|
| # ¿ Apr 26, 2024 16:52 |
|
|
ratbert90 posted:uh, usb->serial has existed for like, ever dude. Unless you have one of the fake FTDI chips, in which case your usb serial might stop existing. Fake edit: Also, unless you have a system that requires in-spec voltages in its serial comms.
|
|
#
¿
Nov 20, 2014 18:45
|
|
|
Roargasm posted:Worst PM I ever had was from another company. Original quote came in way too high so I think we got an economy manager. First real meeting we set up the entire action list for the two month project and she set every single date for the next Tuesday, figuring we would just "push back" the stuff that didn't get done on time. She also had purple hair and had a nasty knack for touching other people's laptop screens. I hate that poo poo. gently caress you, purple hair is awesome. agree with everything else, mind
|
|
#
¿
Nov 21, 2014 20:11
|
|
|
I guess we're reaching the point where people are gonna have to build a 2003 terminal server solely to run IE6 in kiosk mode, Java 6 (or Java 1.4) and Flash with a whitelist of sites and desktop icons for the users saying "ShittyCorp Parts Catalogue" or whatever.
|
|
#
¿
Nov 24, 2014 21:14
|
|
|
Scaramouche posted:Isn't 2003 EOL soon now too? Yes, but one box that does nothing but that is a hell of a lot better than a fleet of XP/IE6 boxes out in the wild.
|
|
#
¿
Nov 24, 2014 23:54
|
|
|
poo poo pissing me off? I just spent £160 on clothes, and now the USB port on my phone is dead. I can solder, but not something that bloody small, so now I have to find a repair shop in the run up to xmas.
|
|
#
¿
Dec 16, 2014 03:56
|
|
|
Ynglaur posted:At least you'll be well-dressed when you go looking! Nah, they're coming from Australia, where it's currently summer, so I can't even wear them for six months. (Yes, Black Milk got more of my money.) It's fine though, I get paid early for xmas (this friday) and I doubt the phone will be fixed by then.
|
|
#
¿
Dec 16, 2014 06:39
|
|
|
Weatherman posted:Do repair shops hibernate or migrate south in the winter or something? No, but I only moved here recently, so no idea who is good. Found a place down the road that will do it for a tenner though, so problem solved, and no charge if they can't fix it. That said I'm seriously considering getting a new phone with a keyboard attachment, and then taking the SIM out of the Blackberry Curve that work foisted upon me and putting it in the Droid 4. I can't even type on the sodding thing and keep breaking my nails if I type with those. Someone find me a decent (5 row) keyboard attachment for a Note 4 or similar. Kyrosiris posted:Yeah, Droid 4s are something in the range of $50 on Swappa, so I can't imagine they'd be that much higher on UK sites. Replacing the battery is pretty easy, you just need to undo two screws at the bottom right of the battery hidden under a little rubber cover, then force the thing out as its glued in place. The replacement battery kit comes with a replacement sticky sheet to put the new one in. dogstile posted:Well my girlfriend was looking for a decent place to buy clothes, now i've got a place to recommend. Cheers! Welp, if you get her hooked on BM, expect to have no money left every month. They're definitely the best place to go for pretty shiny geeky clothes though.
|
|
#
¿
Dec 16, 2014 19:10
|
|
|
Che Delilas posted:My question was mostly rhetorical and sarcastic so as to portray my frustration, but that's actually a nice little tip; I hadn't noticed it before but a quick look at what I have in front of me bears you out. Otherwise, I tend to open the stuff that doesn't have messages; every bank statement for instance has nothing extraneous printed on it. I just keep a paper recycling bin right next to my letterbox. It makes junk mail much less annoying to deal with. I guess for you US types with your external mailboxes, you'd put it next to wherever you carry the mail to before looking at it?
|
|
#
¿
Dec 22, 2014 19:50
|
|
|
wolrah posted:Joining the "once you go snow you don't go back" pile here, I live in Northeast Ohio and I tell everyone I know to buy them. From your post history it looks like you're in Wisconsin, so you would definitely benefit from a set. Don't cheap out on your tires, like a PC's power supply they're the thing everything else depends on to work. Every time it gets bad around here I'm comfortably driving along in my RWD 3 series passing 4x4s on all seasons who landed in the ditch. They are that much better, anyone who has to drive in snow/ice conditions regularly should have them. I'm in the UK where we only get snow for a few weeks a year, and yet the country is in absolute chaos due to fuckwits who can't drive, while the Canadians and the Vikings point and laugh. Meanwhile I lived on the side of a valley, commuted over the tops of two other valleys, had no problem. Winter tyres rule, and make a hell of a lot more difference than AWD or anything like that. The first time you have to brake suddenly, you'll realise just how worthwhile they are. Even when it's just cold, and with no snow, they're a big improvement. poo poo that pisses me off? I went for a third date, supposed to be just cuddling up and watching a film. She asked me to fix her laptop!
|
|
#
¿
Dec 30, 2014 03:00
|
|
|
evobatman posted:I thought you had a girlfriend? I have several girlfriends. Most of them also have several girlfriends. One of them also has a boyfriend but I try not to think about that too much.
|
|
#
¿
Dec 30, 2014 18:54
|
|
|
I have been ignoring my works email since the 22nd, and will continue ignoring it until the 5th. I may have accidentally read it on the first day and going in on the 5th when 3 customers have major issues is going to be unfun. Maybe 2015 will be the year of having more than one person in the entire company who understands my job.
|
|
#
¿
Dec 30, 2014 20:33
|
|
|
spog posted:Nah, Lum's a good sport and knows I'm not serious. You're going to hate me Ran malware bytes on it, left it going, then went to watch the film as originally planned. I have no idea how to fix spyware these days, been so long since I've had a problem with it on my own systems.
|
|
#
¿
Dec 31, 2014 00:56
|
|
|
meanieface posted:This looks pretty decent for not-getting-paid: http://www.decentsecurity.com/#/holiday-tasks/ Looks like far too much effort for not getting paid to be honest.
|
|
#
¿
Dec 31, 2014 04:18
|
|
|
mewse posted:One time I found one of our clients had a document template with a little square logo on the letterhead, like 2"x2", I copied the logo into mspaint and it was like 4000x4000 pixels I usually have the opposite problem, where the logo is a 45x45 jpg copied off the company website, and looks like crap when printed.
|
|
#
¿
Jan 2, 2015 16:39
|
|
|
So after years of basically running me ragged looking after customer running ShittyApp on Windows 2003, and me saying for years that we need to start worrying about it's replacement, it's finally happening. Problem is: The boss has already sold it to our biggest and most importat customer, who wants a WAN based install with 2 servers on different sites, one as a backup, and serving 4 sites. I only got told about this in November, it's taken until today to get a "suitable" test machine, which is Windows 2008 running on a VM at head office that I have to access by IP address over our lovely VPN and has no external access to the outside world. Up until this point I haven't been allowed near anything newer than Windows 2008 The new app is based on .net4 and IIS. I literally haven't touched IIS since Windows 2000, and it's changed a bit since then. The customer wants it setting up with an Oracle backend, which is possible but only barely supported by the vendor (literally one guy worked on adapting it to Oracle). I know gently caress all about Oracle and I'm not allowed access to the Oracle management tools the manual talks about as we don't have licences for that apparently, instead I have to submit a ticket and wait two weeks for a response. We're supposed to be going live in February. The funniest part: ShittyApp has a free upgrade that makes it good for all current OSes including 64bit ones, and we also support another app that is equally critical (the two work together) that ONLY works on 32bit Server 2003, I'm going on a course to learn how to use that in a few weeks, yet management are pushing for rolling out the other, less critical, one first! I'm genuinely starting to dispair, but my skills are so out of date that jumping ship is going to be drat hard. Lum fucked around with this message at 22:05 on Jan 6, 2015 |
|
#
¿
Jan 6, 2015 22:03
|
|
|
I've taken a 5000 post break from this thread, but I need to rant today. I was asked to come to the regional office for a meeting. Project manager forgot to tell the guy planning it that I was coming, so I got left off the email with all the details in,. Turns out that the "meeting" was actually building 4 server racks, one each, in the warehouse and shipping them off to customers. Not knowing this I turned up in an expensive dress and 4" heels. I'm totally justified in adding a pair of jeans to my expense claim, right? If they moan about it, I'll instead complain about being made to work in a steel toe cap and hard hat area without proper PPE. E: Despite having to run into town, I still finished my rack before the 3 dudes, and with neater cabling, though I feel dirty because I was made to use cableties. Lum fucked around with this message at 22:46 on Aug 25, 2015 |
|
#
¿
Aug 25, 2015 22:38
|
|
|
I also now understand why people rave about Dell rails. Last rack I put together was a Compaq 9000 series, with 1st gen 4U DL380s in it! Also those R220s are amazingly quiet compared to what I'm used to. Though the project manager cheaped out on the displays, went with a Belkin Omniview Pro 3 and a Belkin monitor tray. The monitor tray comes with these stupid half-length rails that sorta dangle vaguely horizontally from the back of the rack, then you have to slide the entire tray over both of them as they flop about half way down the rack, before supporting the entire tray with one hand as you attempt to screw the front on with a pair of rack ears. The KVM doesn't pass on EDID information, so if you're on Server 2012r2 or higher then I hope you like strretched widescreen 1280x1024 with the refresh rate set to 64Hz for some reason I simply can't fathom. And for the icing on this poo poo cake, we were then made to configure the servers to autologin as a user with admin priveleges and autostart a GUI "service". UAC is disabled too, but I guess you figured that out already. In the last half hour I replaced half of some dude's job with a batch file. I just wish I could replace the project manager with a batch file. CTTY NUL is all it would need to contain.
|
|
#
¿
Aug 25, 2015 23:09
|
|
|
Thanks Ants posted:They've even made the cable management arms not-poo poo. I used to throw them away if they ever got ordered by accident, but now I quite like them. Cable management arms?!? Not with this PM! Who needs cable management arms with 1U servers anyway! Lum fucked around with this message at 01:06 on Aug 26, 2015 |
|
#
¿
Aug 26, 2015 01:03
|
|
|
Bob Morales posted:We had spirit animals but only like two people still use them *mumblemumble*something about cultural appropriation*mumble*mumble*tumblr*mumble*
|
|
#
¿
Aug 26, 2015 03:03
|
|
|
Haven't posted in this thread in about 2 years, but it looks like I'm finally getting the gently caress out of coding. Problem I have now is the boss wants me to look at making MSI packages for our flagship software, because it's 2016 and frankly it's embarrassing. Complicating things is the need to deploy and configure the Oracle Instant Client in the process. Also I haven't made an application package since 1998 and that was for Novell's packager. I don't want to end up on someone else's poo poo that pisses you off when the package I make doesn't deploy nicely through automated means. So what tools should I use in order to do the job right? Advanced Installer?
|
|
#
¿
Jun 7, 2016 03:03
|
|
|
So I haven't been on this thread (or SA) in loving ages, because I ended up in a rather specialised job, where anything I posted would likely identify me IRL. They made me redundant last year and my clearance expired, so I'm now back in more mainstream Windows admin, where I wanted to be, but also I need to rant again. So for the first year I thought I was in a pod, yeah there was a lot of poo poo to fix, but a real willingness to actually sort it and I got to play with all new stuff, catch up on all the developments I'd missed out on in the last few years. I learned Powershell and established myself as the scripting girl, after the former scripting guy, who was a contractor, quit suddenly after a row with my boss. I even have a written signed list of objectives with stated payrises and a title bump at the end of it, though of course covid has hosed up that timescale a bit. Despite the rant below I'm still pretty drat happy, but that's not the point of this thread, right? It turns out my boss (let's call him Joe) and I have, um, creative differences when it comes to scripts: Any script that goes over 100 lines is ~too complicated~. Other people on the team need to be able to read and maintain it. This includes comments and whitespace but doesn't seem to consider line length or use of the ; character. Hope you like single-line ifs and ForEach loops and gratuitous use of displaying lists with poo poo like Write-Output "blahblah`r`n$(($Widgets | Select -Expand Name) -Join("`r`n") Too much handling of exceptions and edge cases is again ~too complicated~. Never mind that a script is getting deployed to 5000 workstations, get rid of that error handling we don't need it Having parameters in your script... you guessed it ~too complicated~. If you need 20 scheduled tasks that do basically the same thing, but at different times and on different directories. Make 20 scripts. That's more maintainable apparently. Means if you change something and break it, it only breaks one of the tasks. Cluster Scheduled Tasks? ~too complicated~ as you have to set them up using powershell commands. Instead write your scripts to detect if they're running on the correct node and another script to sync any changes to the scheduled task to all the other nodes. That's simpler, apparently. (anyone know if there's a GUI util for setting up cluster tasks, as that might help me win this one) Lum fucked around with this message at 22:16 on Sep 17, 2020 |
|
#
¿
Sep 17, 2020 22:13
|
|
|
Thanks Ants posted:Why is your boss managing you to the level that they are going through your scripts, that would piss me off immensely. It's like having to clear every email you send with them. It's only really the important ones to be fair. If something is destined for thousands of PCs, or is going to run on a critical system that we don't have access to a test environment* for, I really don't mind having a second pair of eyes, and spending the time to explain what it's doing and why. I'd just prefer it when it's my other co-worker who knows Powershell well. *That's a sepate rant, a lot of the test environments are used full time by the teams working on those systems (e.g. FinTech type people) and are really combined test/dev. As far as we're concerned losing them is almost as bad as losing the live system, so it's a nightmare getting a slot to work on them.
|
|
#
¿
Sep 17, 2020 22:30
|
|
|
bull3964 posted:I mean, code reviews on automation running against systems is a good idea. I do it with my team. It's code. It's against production. More than one set of eyes should be on it. I also require my team to source control their scripts. Yeah, the length restriction is making my code, less readable as removing all comments (or shortening them and shoving them on the end of lines) is an easy way to meet that requirements. This doesn't sit well with how I like to code, because if I have to do something weird I might put in a paragraph of comments explaining what it's doing and why. Like I said I really don't have any problem with a second pair of eyes on my scripts, since I've certainly put out a few clangers! Source control, LOL. We have no git account or anything like that, so it's a folder full of Fix-ThisThing-v1.0.ps1, Fix-ThisThing-v1.1.ps1 etc etc. I'm half-tempted to do Fix-ThisThing-v1.1-commentfreeversion.ps1 before review, and then open up the commented one on a second monitor while screen sharing.
|
|
#
¿
Sep 17, 2020 22:52
|
|
|
The Iron Rose posted:My boss forces Cisco ASA work to be done and documented with the ASDM because the command line is too scary for IT. Before he was fired due to Covid, my manager asked me to write documentation for editing github repos using the loving pencil icon, because doing commits on the CLI was too much for people. A week before go-live for a complete infrastructure rip & replace at one of our subsidiaries that a co-worker had spent the last three months creating, Joe decided that we're not allowed to use Server Core for anything. Guess what it all used!
|
|
#
¿
Sep 17, 2020 23:01
|
|
|
I'll give it a go. If I'm being honest, my skills kinda rotted a bit in that job as you never got to play with recent tech, e.g. we dropped support for customers running on Windows XP in 2018, but one of our customers only finished migrating TO Windows XP in 2017! Most of there were Win7 + Server 2008R2 How I ended up leaving that job was about the level of competence you'd expect, after my actually decent boss left in March last year, we all got called into the regional office for a team meeting, with no further warning, just "bring your laptops", so after an early start and (for me) 3 hour drive, we then met the new boss and imediately got told that 1/4 of the team are getting laid off, and then made to sit a software engineering exam they use when recruiting graduates, because of course they're gonna get accurate and useful results when no-one knew it was coming and we all had massively different drives to get here. So it was about a bunch of tech that our product didn't use, and I was particularly hosed because while my job title was software developer, my actual work was sysadmin, trainer & field engineer. I also wrote the installer for the product, and barely touched the code, other than a bit of UI/UX polish. When I explained that the bulk of my work is traveling to site and installing poo poo, the new boss was like "nah, we have a team at head office that can do that", and so I was let go a month later. Turns out that the head office team were all cloud based SaaS types, and he didn't realise we were installing onto airgapped networks! Not that it mattered as it took them six months to get the next point release out as even with instructions, none of them could figure out how to build the MSI installer once they needed to add new files to it. So yeah I've caught up quickly, am back working in more mainstream IT where I'm happier, and I actually like what the new place does, sits better with my personal politics, so arguments about scripting aside, pretty happy now. (and no bloody clearances needed, so I can actually post on IT rant threads again!)
|
|
#
¿
Sep 19, 2020 00:40
|
|
|
So we got a new co-worker today, and this is gonna be interesting. Naturally at some point the teams chat drifted onto corona, thanks to the UK gov's ever shifting policies on it, and the constant new news articles. Anyway the new guy piped up that he doesn't watch or read the news any more and instead gets his world news from Twitter as it's more reliable. He also looks like the dude from the "boomer with a computer" meme, but until he came out with that gem I wasn't gonna judge him based on that. He also claimed that the Ivanti software we're using is "a straight rip-off of Landesk" Tomorrow I have to walk him through a whole bunch of poo poo I set up and why it's done that way, and I STG if he turns out to be a QAnon follower I'm not gonna be able to keep my mouth shut.
|
|
#
¿
Sep 22, 2020 22:26
|
|
|
The Iron Rose posted:...Ivanti is literally landesk though? Like it’s the successor company post merger. quote:Still pretty poo poo everywhere I’ve seen it used though.
|
|
#
¿
Sep 22, 2020 22:43
|
|
|
I named an AD security group today. I named it using the naming standard that Joe delegated to both the senior guy, and the guy who has been here since day 1, that theybwrote, gave back to him, discussed in a meeting and then he signed off on it. Basically GroupType_AreaOfBusiness_Resource_Permission This was in the end of a Slack chat about the overall setup of the thing that had been going for an hour and was just about done. Of course he pipes up and complains about the group name? ~too long~ and he wants it to just be named after the resource only. The resource in question is another AD object, so it would be the same name.
|
|
#
¿
Sep 23, 2020 18:51
|
|
|
Che Delilas posted:Resource2 That's a good description of the poo poo that's currently in our AD that we're trying to get away from!
|
|
#
¿
Sep 23, 2020 19:35
|
|
|
Pissing me off. I can't get anyone to take the zerologon vuln seriously. Please correct me if I'm wrong but is it basically like this? - Even after the August patches, unless you put it in enforcement mode, any device that communicate with your DC can pwn it and get domain admin. - If you put it in enforcement mode, any device that hasn't been patched to August can no-longer talk to your DC. This also includes Win10Pro <= 1809 and all Win7 unless you have extended support - Come February's DC patches you get non-removable enforcement mode and all the lovely unpatched clients lose access to basic services like file shares There's a lot of old unpatched clients (including 1703), and basically any time too many people complain about reboot prompts, we get told to disable patching, and the desktop team don't seem to give a poo poo, and have never seen it as a priority.
|
|
#
¿
Sep 30, 2020 00:12
|
|
|
Proteus Jones posted:Lay out the concerns in an email with the end-goal of getting some kind of acknowledgement of the issue. A flat denial is even better. Honestly tempting, but no other fucker even patches servers, and while most of them are automated now, there's a few special snowflakes that need doing by hand (because I anti doesn't have a sane way to script patches of you're using agents). The DCs are automated though, so maybe. Is my summary correct though? The complete lack of concern, even from the security guy (who is normally pretty good) has me doubting my assessment.
|
|
#
¿
Sep 30, 2020 10:35
|
|
|
Fart Amplifier posted:No. The patch is enough. There's a python script available which will test your DCs for the vulnerability. Ahh, that's some relief, but we're still hosed in February if we don't start patching desktops, yes?
|
|
#
¿
Sep 30, 2020 18:53
|
|
|
A user in a ticket decided that their computer name was "THIS PC". Ok fine, I don't expect users to know how to get the name when the helpdesk didn't explain it to them. The user even said "this doesn't seem right, but it's all I can find" The helpdesk then escalated it to infrastructure because there is no computer named "THIS PC" anywhere in our systems
|
|
#
¿
Oct 1, 2020 10:36
|
|
|
Thomamelas posted:The Help Desk person didn't realize "This PC" is what Windows uses for all of the local storage when you open up Windows Explorer? Exactly that. I loving despair. That said, half the problem is no-one teaches the Helldesk staff poo poo, so all the good people leave once they figure that out.
|
|
#
¿
Oct 1, 2020 17:22
|
|
|
A "trusted technology partner" installed a bunch of appliances on around 100 of our sites. These appliances connect to their cloud service and have access to customer personal details (name, address, email, phone #, recent transactions etc.) We found a "hidden" config utility on this appliance, and by hidden I mean an unauthenticated HTTP (not HTTPS) server on a non-standard port. This utility happily shows you the API URL and API key in cleartext and does so on its root page. The API key was "letmein". Even Joe was pissed off about that one Lum fucked around with this message at 19:19 on Oct 3, 2020 |
|
#
¿
Oct 3, 2020 13:39
|
|
|
No matter how bad things are pissing you off today, just be glad you don't work at the IT department of Public Health England
|
|
#
¿
Oct 5, 2020 21:07
|
|
|
stevewm posted:My boss is also annoyed by the fact they won't do anything until the building is up and has power. Shove a fairly chonky UPS in the destination room, hidden under a desk, then run a 4 way power strip to wherever you want their equipment to be?
|
|
#
¿
Oct 6, 2020 13:50
|
|
|
Piece of poo poo automated system that rips data from exchange, saves it to a one of three network locations and then deletes it from exchange. If the save fails for any reason then it still gets deleted and the data is lost. lovely software was last updated in 2014 and nobody wants to touch it because no-one knows how it's configured. So to prevent data loss, I'm asked to make a script that monitors the availability of the network locations, and if any of them are unwritable for any reason we shut down this lovely service, so I do it, simple powershell script, attempts to write to three locations and if there's any error, we shutdown the servive if it's running. If there's no errors and the service is not running we start it up. Runs as a scheduled task every 60 seconds. It's far from perfect but it'll prevent the vast majority of data loss. Untill the bosses boss, aka the man who actually asked me to write this loving thing in the first place, gets a complaint that data isn't coming in, notices that the service is stopped and manually starts it at which point it promptly shuts down again. Repeat a few times until he realises that the script is doing it. He determines that only one of the three check locations is failing, and the other two are fine, so he _removes that location from the checks_. Service starts up, he declares it a job well done closes the ticket and finishes for the day without telling anyone what he did until the following morning. Turned out the network between our Exchange and our co-lo datacentre was down and not only did starting the service lose about an hour's worth of incoming data destined for that location each time he attempted to start the service, but he then managed to lose the lot due to editing the script and leaving it to process overnight
|
|
#
¿
Oct 12, 2020 18:35
|
|
|
|
| # ¿ Apr 26, 2024 16:52 |
|
|
My boss had me build an FTPS server. That's bad enough. He then stuck it behind an Azure proxy with two IP addresses, and my server only gets to see the internal IPs now, causing a 50% failure rate in data channel connections. I asked him to fix it so that I could see the actual IP addresses and explained why the server is rejecting mismatched IPs. He wanted to fix it by changing the proxy to a single IP, and I'm like "That's worse. You understand that that's worse, right" Like I get that he's a networks guy and he's younger than me, but how can you understand what NAT is and not have had to deal with the hell that is FTP?
|
|
#
¿
Oct 15, 2020 18:03
|
|