Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«1156 »
  • Post
  • Reply
GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof


H110Hawk posted:

"15 minutes is an hour, an hour is a day, and a day is end of the week." - Your schedule moves and changes with the wind, and everything takes way longer than you think it should. Doubly so when talking to outside teams. If you're talking to your boss about prioritization then make sure to be crystal clear about what you aren't doing in order to accomplish this new task. "That should take around an hour, I would have to stop working on X to do Y. OK?"

If the answer is "stay late and do both" that's fine, but it should be said out loud.

I've unfortunately found that it should actually be said very explicitly in an email that is printed out and highlighted so you can hand their words right back to them.

Even then you'll just be told "you should have been able to do x and y and even z in 15 minutes. You need to FOCUS!"

Adbot
ADBOT LOVES YOU

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!



H110Hawk posted:

What are your requirements?

Single place to get everything is my primary goal. IT does not currently control DNS, marketing does, and I am working on formulating a strategy to get everything into one place under our control so that we no longer get burned by domain names or SSL expiring that we literally had no idea existed.

quote:

DNS: NS1 is the clear leader in DNS tech right now.
SSL: Why not letsencrypt? Otherwise sort by price least to greatest.

I'm not against any one thing, and maybe I do need to consider one provider for DNS and one for SSL but if I am going to move literally hundreds of records I would prefer to just deal with one provider

quote:

Don't use Godaddy it's awful. Their phone support is great, their chat support is of negative usefulness.

Good to know

One thing I have to consider is we do use Riverbed accelerators so every time the SSL is renewed on the git server, for example, I have to export it out and upload it to the riverbed. If I can do that once every 2 years that beats every 90 days or whatever...

kensei fucked around with this message at May 21, 2018 around 17:28

wolrah
May 8, 2006
what?


kensei posted:

One thing I have to consider is we do use Riverbed accelerators so every time the SSL is renewed on the git server, for example, I have to export it out and upload it to the riverbed. If I can do that once every 2 years that beats every 90 days or whatever...

Rule #1 of Let's Encrypt is automation. If two years vs. 90 days actually makes a tangible difference to a human you're not doing LE right.

Do the Riverbed devices have an API of any sort or even a scrapeable interface that you could use to script the process of installing keys when they're renewed? If so you can probably tweak one of the acme.sh deploy scripts to fit your needs, and if you're feeling really friendly submit it back to the project as a pull request so other users of those things can benefit.

https://github.com/Neilpang/acme.sh/tree/master/deploy

The CPanel script demonstrates using a local custom binary, the Kong script demonstrates a remote API, the Fritz!box script shows a screen scraper, and the SSH script shows a solid generic strategy for basically anything supporting SSH with file transfer.

kensei
Dec 27, 2007

He has come home, where he belongs. The Ancient Mariner returns to lead his first team to glory, forever and ever. Amen!



wolrah posted:

Rule #1 of Let's Encrypt is automation. If two years vs. 90 days actually makes a tangible difference to a human you're not doing LE right.

Do the Riverbed devices have an API of any sort or even a scrapeable interface that you could use to script the process of installing keys when they're renewed? If so you can probably tweak one of the acme.sh deploy scripts to fit your needs, and if you're feeling really friendly submit it back to the project as a pull request so other users of those things can benefit.

https://github.com/Neilpang/acme.sh/tree/master/deploy

The CPanel script demonstrates using a local custom binary, the Kong script demonstrates a remote API, the Fritz!box script shows a screen scraper, and the SSH script shows a solid generic strategy for basically anything supporting SSH with file transfer.

This is very cool and something I will have to investigate more. Thanks!

jaegerx
Sep 10, 2012



Grimey Drawer

I like cloud flare because of the ease of use of their api plus terraform integration. It's nice spinning up a new server and automatically creating a dns name for it.

Thanks Ants
May 21, 2004

I am quite pissed at my fat man avatar.
I am too politically correct to say this out loud though.
I yearn for a reason to exist.
Help.


Fun Shoe

kensei posted:

Friends, who do you use for your SSL and DNS? I want to move to one provider for both, and am wondering what you all use. I am leaning Namecheap but would love to see alternatives.

I use Route53 and AWS Certificate Manager

The Fool
Oct 16, 2003



I use Azure DNS and Let's Encrypt

H110Hawk
Dec 28, 2006
Can't install Windows?
BUY APPLE


kensei posted:

Single place to get everything is my primary goal. IT does not currently control DNS, marketing does, and I am working on formulating a strategy to get everything into one place under our control so that we no longer get burned by domain names or SSL expiring that we literally had no idea existed.

I'm not against any one thing, and maybe I do need to consider one provider for DNS and one for SSL but if I am going to move literally hundreds of records I would prefer to just deal with one provider

One thing I have to consider is we do use Riverbed accelerators so every time the SSL is renewed on the git server, for example, I have to export it out and upload it to the riverbed. If I can do that once every 2 years that beats every 90 days or whatever...

Having a non-API driven appliance you have to deal with is important information there. I wouldn't use letsencrypt in any environment where it can't be set it and forget it.

For your literally hundreds of records you should have machines doing the work for you:

pre:
$ alias nscurl='curl --silent -H "X-NSONE-Key: five -X '
$ for i in $(nscurl GET https://api.nsone.net/v1/zones/ | jq -r '.[] | .zone') ; do nscurl GET https://api.nsone.net/v1/zones/${i} | jq '.records[] | .domain' ; done > complete-dns-dump.txt
$ wc complete-dns-dump.txt
  686   686 17125 complete-dns-dump.txt
If your records are all 100% static I wouldn't put too much thought into providers who aren't godaddy. NS1 really shines with their magic, not the static stuff.

guppy
Sep 21, 2004

sting like a byob

Vulture Culture posted:

Hey, let's cement all our career cynicism in eponymous laws! Examples:

Goodhart's Law: When a measure becomes a target, it ceases to be a good measure.

Parkinson's Law: Work expands to fill the time available for its completion.



Here's Vulture Culture's Law:

As storage becomes cheaper, and the cost of preserving and retaining worthless data approaches 0, the business value of a hard disk remains fixed even as capacity increases.

My big one, which I guess is Guppy's Law: All temporary fixes become permanent installations.

I refuse to do horrible temporary Band-Aids unless my boss insists, because they never, ever get corrected to the un-horrible thing they should have been in the first place.

lampey
Mar 27, 2012



Alfajor posted:

Ok, i guess I'll chill for a while.

Next question: Let's assume I get the offer before 5pm. I'm ready to accept it. Do I put in my notice at current job today, or next Monday?

This depends on the company culture too. Most would prefer 2+ weeks notice to help find and train a replacement. Some companies will walk you out immediately after giving notice. It is also common for job offers to fall through over the weekend. Do not put in your notice until you are comfortable being asked not to come in to work. It is not your job to make sure the old business keeps running because they are under prepared .

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.


I've given 4 weeks notice on 2 separate occasions and on both I have felt completely unmotivated to do any meaningful work beyond the end of the second week. I will generally push people to wrap up their tenure by the end of week 2, but respect their decision if they push back to stay on the full time.

Adbot
ADBOT LOVES YOU

Sprechensiesexy
Dec 26, 2010

Tetten? Tetten? Tetten? Tetten?


A perfect plan will attract the perfect amount of retards to ruin said plan.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«1156 »