Nuclearmonkee
Jun 10, 2009


Dick Trauma posted:

Double Secret Systems Administrator.

Sky Admiral Cloud Administrator

Nuclearmonkee
Jun 10, 2009


Degree doesn't matter except for getting in the door or if you want to go into management.

Nuclearmonkee
Jun 10, 2009


a cop posted:

Getting in the door was the context that began this whole conversation, but I'd say they are also very helpful from a soft skills standpoint and working with teams from design through deployment. Depending on the degree anyways...it's often night and day as far as soft skills go with the CS vs CIS people here. Makes me a lil sad since they are obviously skilled dudes but it's clear how it'll hinder them in the corporate world.

I mean soft skills are just another skill to pick up and if you don't have them it's just as bad as if you were poo poo at coding/networks or w/e. Just never stop learning stuff in general.

Nuclearmonkee
Jun 10, 2009


Sepist posted:

I had to manually configure 45 access points to a wireless controller because my coworker disagrees with using DHCP option 43 with AP security policies on the wireless controller :( It's not even a security issue because they need to use a VPN when connecting to the wifi to access the network. He has such a boner for doing everything his way on this network, it's such an uphill battle having any design disagreement with him.

Meh.

Wtf this is retarded. Did he have any reason at all?

Could have at least done dhcp and reserved by mac. Manually doing all of them is silly.

Nuclearmonkee
Jun 10, 2009


Arsten posted:

A "Well-Rounded" individual exists in people that have a variety of interests - college/university attendee or not. You do not make a "Well-Rounded" individual by making them take a course they aren't interested in. Just saying "Well, he came out of college/university with a degree and that means he's well-rounded" will bite you more often than not.

Generally it's more "Well, he came out of college/university with an applicable degree and that means probably not a total retard and can probably stick with something, learn about stuff, and do work up to and including the terrible boring busywork that is part of almost any job."

Nuclearmonkee
Jun 10, 2009


Sheep posted:

This is a good opportunity to link Microsoft's licensing how-to. You can skip most of it and just search "DHCP" for the good bit.

loving lol they didn't even pull out that second bit of the question. At least it gives an honest answer!

Nuclearmonkee
Jun 10, 2009


The Fool posted:

No one here knows what devops is either.

Just another in the long line of nonsense buzzwords. Bin it with the other cyber cloud Web 3.0 disruptive game changers.

My only observed example of "devops" consisted of giving developers increased control/admin access over their infra which always works out as well as you expect.

Nuclearmonkee
Jun 10, 2009


Vulture Culture posted:

It pissed off the company BOFH but they were able to deliver features into the hands of users and keep the company afloat?

They hosed with prod over a series of months until they eventually brought down a system which interfaced between customer orders and manufacturing in the middle of the day, which screwed up the production schedule for a few weeks and cost a lot of money.

After that sanity was restored and a proper dev to production life cycle was established with superfluous things like "rollback plans" "code review" and "notification of stakeholders".

The whole thing started because our dba was an rear end in a top hat and was generally hell to work with. He looooved telling people no. We ended up putting in octopus deploy which largely removed him from everything but code review in the end.

It was a lovely place to work and I'm glad I'm not there anymore.

Nuclearmonkee
Jun 10, 2009


NippleFloss posted:

Sounds like your company didn't actually do devops, they just did a really lovely thing instead and called it devops?

In my limited bubble the only devops outcomes I've seen or heard of first hand could be described exactly like that.

The twisted retarded version of agile software development and devops.

Nuclearmonkee
Jun 10, 2009


NippleFloss posted:

That doesn't mean devops is a meaningless buzzword, just that a lot of the people talking about it don't actually know what they're talking about.

You just defined what a buzzword is.

Nuclearmonkee
Jun 10, 2009


Fudge posted:

Calling it an interview is probably a stretch too. They were like 'we just wanted to get to know you! Here's our kata.' I was kinda like what the hell your recruiter had my resume I didn't list anything even approximating what you're asking me to do here.

I'm gonna do it tho cause I have a deep existential dread about being a Windows/network administrator guy. Someday the cloud is going to take all the jobs. Luckily I'll have pivoted into being a lumbersexual software craftsman.

Yeah if you are in infrastructure you better be learning how to virtualize and automate all the things, unless you are OK with being the poo poo on IT janitor at a smallish place since I don't think those jobs will be going out of style anytime soon.

Everyone needs to have a little lumbersexual software craftsman in them.

Nuclearmonkee
Jun 10, 2009


NippleFloss posted:

For those who suffer from heightened buzzword intolerance, if you distilled the opening day general session talks at VMWorld into a wordcloud it would just be the word CLOUD.

I signed up for the iot session led by a person with a marketing title and it was glorious. Not a single thing of substance was said for over 30 minutes.

Nuclearmonkee
Jun 10, 2009


Has anyone used cisco hyperflex in here? This poo poo looks perfect for small/medium branch deployments with vdi. I'm thinking I'm going to get a demo and buy a small deployment (single rack) for a site if it's as good as it looks.

Cheaper and faster to spin up vs our current ucs mini + small EMC vnx deployments.

Nuclearmonkee
Jun 10, 2009


jaegerx posted:

I've never shut down a major website. I feel left out. I've got stories of friends that have but never been me.

If you can get all the way to senior level without taking something down stupidly at least once that's pretty impressive.

Nuclearmonkee
Jun 10, 2009


DigitalMocking posted:

Re: taking down large companies, I think we could use a round of stories, so fess up. Here's mine

I was working in govt at the time when I did my best one.

Was working with the server crew on setting up a new virtual environment so I was chillin working on getting them all configured via putty. Meanwhile, some annoying request from the courthouse gets escalated to me, so I pop open a putty window to their MDF switch and pull some logs/stats to show that it was indeed not a network problem, which it was not. This is a common thing since their network over there is a piece of poo poo even by local government standards and in desperate need of an upgrade so sometimes it really is a network problem.

Then I went to get a drink or go to the bathroom or something, don't remember exactly. Then I come back in and continue where I left off on the new switch for our new virtual environment, which was trunking the ports to the hosts.

int po 1
spanning-tree portfast trunk
are you sure idiot don't do this in the wrong spot - hit Y
int po 2
spanning-tree portfast trunk
are you sure idiot don't do this in the wrong spot - hit Y

Phone immediately lights up, NOC screen goes red, courthouse is down. Realize immediately after that that I had the wrong putty window open and just portfast trunked the links from their main switch down to their two main distribution switches (all 3 of which were in a ring) which unsurprisingly made their entire horrible network poo poo the bed. I unfucked it immediately but the damage was done. They had a bunch of old rear end access switches over there all in a single broadcast domain, some old Ciscos that had err-disabled but didn't have autorecovery enabled, other unmanaged/garbage tier switches that had simply locked up and needed to be power cycled to get them to come back. There were a bunch of these many of which were not actually where the map said they were, my favorite of which was a 2950 which had been sealed inside a wall for some unknown reason that was serving a clerk area. It took us a while to find that one and we had to remove a bit of drywall to get to it. Apparently there had been an access panel for something there that had been removed and patched while leaving the switch inside.

It took multiple hours for us to get the whole network back online and we had some extremely pissed off attorneys, judges and staff for a bit. They ended up using some of their asset forfeiture money to buy some shiny new gear to make the network not suck after that and I never did get reprimanded or anything cause lol local government.

Nuclearmonkee fucked around with this message at 17:59 on Sep 2, 2016

Nuclearmonkee
Jun 10, 2009


GnarlyCharlie4u posted:

Happy 3 day weekend :D

(If that's a thing that you actually get)

Labor day weekend is the only time all year the power plant I support shuts down. So it's maintenance time.

I get next Thursday Friday instead hooray for manufacturing.

Nuclearmonkee
Jun 10, 2009


demonicon posted:

In almost all industries that require some form of storage or manufacture something.

I work in manufacturing and it's not like this at all. It makes a huge difference if it's a publicly traded company in general though. If they are publicly traded and do govt contracts hold onto your butt.

Nuclearmonkee
Jun 10, 2009


Arsten posted:

I have had friends who do IT work at manufacturers that will pay someone a couple hundred thousand dollars if they can shave a penny off of each product to pop out of the process.

This times a lot.

In my current job I am modernizing a whole bunch of manufacturing plants and pulling their networks together specifically to 1) change it from 98-99%ish uptime to 99.999% because downtime is expensive as gently caress in a manufacturing plant and 2) to enable the application of linear optimization so the company knows what to make at any particular time and change it very quickly in order to make the most money. Save a quarter of a percent on materials here, identify some tiny inefficiency there, etc. They are paying many millions for this and it's 100% worth it.

This is in something as unsexy and simple as wood products but it applies pretty broadly for most competitive markets. If you aren't extremely efficient and automated you can't compete with the people who are or the companies employing someone far away for a buck an hour to make the same thing. The more commoditized your product is the truer this becomes.

Nuclearmonkee
Jun 10, 2009


Judge Schnoopy posted:

I just interviewed (and am wishing every minute for a call back) for a sole IT position of a government branch, where most of the work is sourced out to a local MSP.

I would finally get to be the guy on the other side of the table from the MSP, telling them what to do, demanding they hand over documentation, and picking and choosing the work I actually have to do.

After 2 years at an MSP this would be an absolute dream come true.

It's just as terrible on the other side a lot of the time. You know the guy you work with at the MSP who is poo poo and always leaves a mess that other people have to fix? You will get that guy and spend more time managing their work and making sure poo poo is actually done right than you would spend to do it yourself :v:. If you have to deal with any kind of security standard, which lots of govt branches do, this is even more of a giant loving headache when you get audited and figure out what hosed up thing was done which has to be fixed after the fact. Or maaaaaybe you will get lucky. Burn an offering or something.

Also it's government so :lol: if you think it will be less hosed up.

Nuclearmonkee fucked around with this message at 18:39 on Sep 7, 2016

Nuclearmonkee
Jun 10, 2009


Judge Schnoopy posted:

She contacted my first two references and said they were fantastic. I honestly don't know why she needs to contact my current employer at all. This is why my third option is to ask her "hey why not just call another one of my old managers instead and we'll all be super happy". At the same time I don't want it to seem like I'm hiding or shying away from anything, and I know my current manager would give me a solid reference if they called her.


It's easy to say this but how would it work? "Hey please offer me a bunch of money and a position at the company but don't call my references until I say yes to your deal!"

Don't the references play in to how much your offer would be worth?

"My current employer would fire me if they figure out I'm looking for a job so I can't have you calling them until I'm sure that I have an offer."

If you have other good references it should be fine and if they just want to verify your current employment offer a paystub or something.

Nuclearmonkee
Jun 10, 2009


anthonypants posted:

Unfortunately, he's confident he can deal with these sort of things but he's shown repeatedly that we should not trust him.

Dunning Kruger strikes again.

Nuclearmonkee
Jun 10, 2009


Sepist posted:

Cisco TAC is the best.


"That version of code you're running is garbage, I suggest downgrading to 3.06" (I'm running the latest)
"Sure but I installed this one as it's the only one that supports our 3702i UX platform"
*10 minutes later*
"Yea don't downgrade, forget everything I said"

Also told me my wireless design is wrong because my gateway is not the controller but instead the core router trunking to the wireless controller.

Shine on you crazy diamonds.

The real question is, do you want to go through the hassle of escalating or just call and get it re-queued.

Nuclearmonkee
Jun 10, 2009


Chickenwalker posted:

Something I haven't really gotten a straight answer on from Fortinet: for those of you who already have an edge router that you're not looking to replace, when you put the Fortigate (or Palo Alto, whatever) in place, are you using it in NAT mode or "Transparent" mode? I deployed mine in Transparent mode to preserve the 802.1q trunk I had going from router to switch but it seems much more limited than NAT mode and seems to be a pretty uncommon way of utilizing the system. But then how do you utilize NAT mode so that you're not doubling up on NATing or doing extra unnecessary routing? I just want this security appliance to do its job and not interfere with what the router is doing.

Unless you have some strange big datacenter edge case you generally want them in routed mode. There are a lot of things that don't work when it's an L2 device.

For NAT, it kind of depends on your architecture and what you are doing but generally I do NATs on the firewall and just let the router route. If you have a visio or something to show a bit of the topology and what the devices are doing I'm sure people in here could give suggestions on specifics.

Lately I haven't even been buying routers for ROBOs as an HA pair of firewalls can generally do everything I need.

Nuclearmonkee fucked around with this message at 16:00 on Sep 13, 2016

Nuclearmonkee
Jun 10, 2009


Sepist posted:

That's surprising, the 6500 is one of the most bullet proof devices cisco ever made. I've seen them sitting around for 14 years running catOS before a fan dies (which of course requires downtime because someone ran the cables to both sides covering the fan module).

There's probably more outages weekly caused by the POS that is the nexus brand than 6500 outages ever.

This. I've literally never had issues with a 6500 chassis with redundant sups. What was the bug in particular? I have seen an instance where someone had redundant sups but never bothered to enter the two lines required in order to turn on SSO. Eventually the primary fell over and welp.

I currently have an undiagnosed bug with an ASA that is inserting strange mysterious static routes in its own routing table seemingly at random to route the connected MPLS interface subnet towards the outside interface, breaking all MPLS bound traffic when it does so. Cisco wanted me to setup a local syslog server (which normally is over the MPLS) so I could get logs as they couldn't figure out what the gently caress with the tech support files.

Instead of doing all of that I put in this beautiful route to the MPLS network next hop:

code:
route mpls 10.176.255.1 255.255.255.255 10.176.255.1 1

which seems to have prevented it from breaking itself ever since :v: The Cisco guy seemed a little salty that I just slapped a lovely bandaid on it and called it good, but eh I don't want to setup another syslog server so go find some other customer to be your bug testing environment.

Nuclearmonkee fucked around with this message at 16:22 on Sep 16, 2016

Nuclearmonkee
Jun 10, 2009


Ugh I have a relative who has been running PPTP to their old DD-WRT router with mac clients. It's just a 3 person business but I expect I'll be getting that phone call and do not look forward to trying to upgrade the stupid thing.

Last time I was there I tried changing it but there was some kind of bug in OpenVPN on the current version of DD-WRT and I threw up my hands rather than gently caress with it. Has anyone gotten that working or am I better off just getting them to buy something like a 5506x? It comes with two licenses which would be enough.

Nuclearmonkee
Jun 10, 2009


MF_James posted:

I had an issue with my previous router and DD-WRT not running OpenVPN properly, if you figure it out let me know.

gently caress

Nuclearmonkee
Jun 10, 2009


Judge Schnoopy posted:

The pptp barely helps. It redirects the stream into a cone that fires downward in every direction for a few seconds until it's blasted off, then you still get soaked in humiliation.

The true key is to have the new diaper ready as a shield. But even then, nothing will ever prepare you for the moment the poo poo-cannon goes off. Submit yourself to the eventual horror now.

Remove diaper, blow air at them quickly or wipe them with a wet wipe and immediately put the diaper back on before they pee. It's the shock of the temperature change.

Nothing you can do about the poo poo cannon though.

Nuclearmonkee
Jun 10, 2009


MF_James posted:

I had an issue with my previous router and DD-WRT not running OpenVPN properly, if you figure it out let me know.

I went ahead and called them before 9/20 came and muddled through it remotely.

Updated them to the latest stable version of DD-WRT and OpenVPN started behaving immediately.

Generated keys per: https://openvpn.net/index.php/open-source/documentation/howto.html#pki and installed Tunnelblick https://tunnelblick.net/ as their Mac OpenVPN client.

Router config below:




The pushed route is for the local LAN that you are accessing.

Client config:

code:
remote xxx.xxx.xxx.xxx 1194
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
float
tun-mtu 1500
ca ca.crt
cert client.crt
key client.key

ns-cert-type server
comp-lzo
verb 3

Generating certs is the most annoying step but it really wasn't that bad overall.
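
An added example, not part of the original post: a small Python audit of the client config posted above, flagging directives that later OpenVPN releases deprecate or that weaken the tunnel. The hardened variant and the `ta.key` file name are assumptions, and its changes only take effect if the server config is changed to match.

```python
# Added example (not from the original post): audit an OpenVPN client config.
# Client config as posted above; the remote address is redacted in the post.
POSTED_CONFIG = """\
remote xxx.xxx.xxx.xxx 1194
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
float
tun-mtu 1500
ca ca.crt
cert client.crt
key client.key

ns-cert-type server
comp-lzo
verb 3
"""

# Assumed hardened variant: same tunnel, four directives changed. "ta.key" is
# a hypothetical file name for a pre-shared tls-crypt key.
HARDENED_CONFIG = (
    POSTED_CONFIG
    .replace("ns-cert-type server", "remote-cert-tls server")
    .replace("cipher aes-256-cbc", "cipher AES-256-GCM")
    .replace("comp-lzo\n", "tls-crypt ta.key\n")
)

SERVER_CHECKS = {"ns-cert-type", "remote-cert-tls", "verify-x509-name"}
CONTROL_KEYS = {"tls-auth", "tls-crypt", "tls-crypt-v2"}
COMPRESS_ALGOS = {"lzo", "lz4", "lz4-v2"}


def parse(text):
    """Map each directive to the list of argument lists it appears with."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        name, *args = line.split()
        directives.setdefault(name.lower(), []).append(args)
    return directives


def audit(text):
    """Return (check_id, message) findings in a fixed order."""
    d = parse(text)
    findings = []
    if "ns-cert-type" in d:
        findings.append(("ns-cert-type", "deprecated; use 'remote-cert-tls server'"))
    if SERVER_CHECKS.isdisjoint(d):
        findings.append(("server-verify", "server certificate usage is never checked"))
    lzo_on = any(a[:1] != ["no"] for a in d.get("comp-lzo", []))
    algo_on = any(a and a[0].lower() in COMPRESS_ALGOS
                  for a in d.get("compress", []))
    if lzo_on or algo_on:
        findings.append(("compression", "compression on; exposed to VORACLE-style leaks"))
    if any(a and a[0].lower().endswith("-cbc") for a in d.get("cipher", [])):
        findings.append(("cipher", "CBC data cipher; prefer AES-256-GCM"))
    if CONTROL_KEYS.isdisjoint(d):
        findings.append(("control-channel", "no tls-auth/tls-crypt key configured"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, [check for check, _ in audit(cfg)])
```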

Nuclearmonkee
Jun 10, 2009


SeaborneClink posted:

antivirus isn't useful

I will cut u.

Nuclearmonkee
Jun 10, 2009


mayodreams posted:

I was chatting with my account manager at Zones this morning and he was trying to get us connected with our new VMware rep.

I told him that I've joked with our team that we should switch to Hyper-V, and he told me that knew multiple guys who actually did switch to Hyper-V and got FIRED because it was that bad.

:stare:

It's not that bad. If you are a powershell wizard you can even get it close to vmware levels on the automation side.

It's quite sufficient for the average deployment and far cheaper.

Nuclearmonkee
Jun 10, 2009


Hmm I thought you guys were using shared storage. Everything looks like it is running locally on your hosts with no clustering or shared storage...

:v: It's right there!



:negative:

Nuclearmonkee
Jun 10, 2009


Thanks Ants posted:

Is that a DC power supply just chilling out in the open

Of course.

The fiber is way worse than that photo shows. All om1 for starters.

Had 24 strand on one end with 8 on the other in one instance. An electrician bought a fusion splicer and was pulling individual pairs out and splicing them to go to god knows where. He doesn't have any test equipment and has never calibrated the splicer. No documentation or map exists. In another area there is a 500ft copper run with problems (surprise) and another 600ft run they fixed by putting a hub in at about 300ft.

This runs a 24/7 manufacturing facility.

Nuclearmonkee fucked around with this message at 18:18 on Sep 28, 2016

Nuclearmonkee
Jun 10, 2009


rafikki posted:

There's been a bit of a debate at work lately. Are the people who pronounce IPsec as "ip sec" monsters, compared to the people who pronounce it "I P sec"

Everyone is a monster. I use I P sec personally

Nuclearmonkee
Jun 10, 2009


Collateral Damage posted:

This is why I hate 600mm wide racks. Even if you wanted to, there's no room to properly manage that amount of cable without extra space around the rails.

Bad racks, wrong lengths, no effort. A winning combination for everyone. I like the random bits of velcro that were probably put there when someone was thinking "hmm maybe 20+ pounds of weight on my switch ports isn't that good. But redoing it is hard :effort:"

Nuclearmonkee
Jun 10, 2009


nm this should be in another thread

Nuclearmonkee fucked around with this message at 03:51 on Oct 12, 2016

Nuclearmonkee
Jun 10, 2009


milk milk lemonade posted:

My wife is a German citizen and speaks the language. We've talked about trying to immigrate to Koln - such a loving awesome city. Doubt a non German speaking IT guy would be in high demand though lol

Well if you are going to move there I assume you would learn the language.

Nuclearmonkee
Jun 10, 2009


Dr. Arbitrary posted:

This is a great way to exercise post-incident analysis.
The two approaches are:
"Why did this happen?" An idiot bumped into the power breaker.

"How did this happen?" The power breaker isn't protected from the predictable inevitability that someone will bump into it.

Coward!

I have an industrial control system for a power plant at a site which is directly mounted onto a wall, entirely unprotected and just begging for someone to bump into it while they are working in the server rack next to it. It has never been crashed into yet and is therefore a good and safe way to mount such equipment forever.

Nuclearmonkee
Jun 10, 2009


Local government is a great place to work if your resume needs building and you want to move up to working on larger more complicated (albeit mostly old) stuff. If you have the experience just lol find somewhere that can pay you actual money. The old "benefits are good pay is poo poo" thing is turning more and more into just "pay is poo poo" as state/local pensions and medical programs get slashed.

Nuclearmonkee
Jun 10, 2009


I don't have to gently caress with phones or email at my current job and it's bliss.

Nuclearmonkee
Jun 10, 2009


big money big clit posted:

Before IP telephony became common phone guys were a separate and distinct breed of weirdos from regular IT, and did their own poo poo. And that was good.

You still find some of these fossils who converted to networking though I haven't met one who is good at it yet.