IT/Software career thread: Invert binary trees for dollars.

  • Guest, it's time once again for the massively important and exciting FoH Asshat Tournament!



    Go here and give us your nominations!
    Who's been the biggest Asshat in the last year? Give us your worst ones!
Neranja

Neranja

<Bronze Donator>
2,633
4,212
Mist said:
It's a lot of god damn certs to manage, and every different product in the environment has its own set of concerns and different installation/renewal process.
Click to expand...
We have written our own PKI management software because of that. No one can help you with cert distribution, because frankly every software out there sucks, to a varying degree.

From a security perspective every device and every service on the network should have an "owner", and one or more deputies. All should be living, breathing persons and not a functional mailbox no one ever reads. Depending on the runtime of the certificates, expiring certificates should automatically trigger email reminders 1 to 3 months before. As in everything security, documentation is everything.

Yes, it's a lot of work, but if it's in the cloud there already should be SCM in place, so you can automate at least part of it.
 
  • 1Like
Reactions: 1 user
TomServo

TomServo

<Bronze Donator>
6,996
9,937
At a minimum all non high security zone servers and desktops should be auto renewal in a cert template.
 
Janx

Janx

<Silver Donator>
6,602
17,988
Mist said:
That's not at all what I'm talking about. I don't mean "how do certs work?" I mean "actually dealing with certs in the real world."

Specifically, the mechanics and logistics of actually managing a large number of certificates in multiple complex environments with products from multiple different vendors. Managing 3rd party certs vs internal certs. Knowing the difference between single domain certs and wildcard certs and what the use-cases are. Building root and intermediate CAs, getting certs signed and installed on a bunch of servers in the cloud, etc. Oh and NOT LETTING EVERYTHING EXPIRE IN THE MIDDLE OF THE FUCKING NIGHT AND CAUSING A TOTAL SHITSTORM.

Tons of people out there are like "I know how certs work!" and then when it comes to actually having to do any kind of project work or maintenance work on getting the right certs signed, installed, renewed, replaced with ones from a different authority, etc, totally drop the fucking ball.
Click to expand...
Wait, is it not common practice to let certs expire?!? The amount of times the people that "manage" our servers have let certs expire and disk space fill up is astounding (and this is in production). I even thought of writing a powershell script or something that would email me but no fucking way am I going to do their job and be a middleman for their incompetence.
 
  • 1Like
Reactions: 1 user
Deathwing

Deathwing

<Bronze Donator>
16,763
7,784
Expiring certs is how IT knows you're using their precious assets. It's the 99% disk usage of the 21st century.
 
Neranja

Neranja

<Bronze Donator>
2,633
4,212
Janx said:
The amount of times the people that "manage" our servers have let certs expire and disk space fill up is astounding (and this is in production).
Click to expand...
This is telling me they have no monitoring/reporting without telling me they have no monitoring/reporting.
 
  • 1Like
Reactions: 1 user
Mist

Mist

REEEEeyore
<Gold Donor>
31,218
23,426
Neranja said:
This is telling me they have no monitoring/reporting without telling me they have no monitoring/reporting.
Click to expand...
At an MSP, I'd say 80% of all escalations, possibly even outages, for clients ultimately come because:

A) A managed element (server, firewall, switch, etc) was never onboarded to monitoring when the customer was onboarded.
B) The element was onboarded to monitoring tool, but the right SNMP metrics/disks/services were not being monitored.
C) The right things were being monitored, but the thresholds were set incorrectly.
D) The device, metric, etc, was labeled poorly in the monitoring dashboard so the event management or incident management teams didn't action it properly.
E) Someone low on the triage ladder closed the alerts as not actionable, or worse, held the alerts their name and never did anything with them because there wasn't a documented process in place for what to actually do with that alert, aside from telling the customer X thing is red.
F) There's a bug in the monitoring tool that nobody got around to fixing yet because it's for a class of device that not a lot of clients have.
 
  • 1Like
Reactions: 1 user
TJT

TJT

Mr. Poopybutthole
<Gold Donor>
42,797
109,251
Mist said:
At an MSP, I'd say 80% of all escalations, possibly even outages, for clients ultimately come because:

A) A managed element (server, firewall, switch, etc) was never onboarded to monitoring when the customer was onboarded.
B) The element was onboarded to monitoring tool, but the right SNMP metrics/disks/services were not being monitored.
C) The right things were being monitored, but the thresholds were set incorrectly.
D) The device, metric, etc, was labeled poorly in the monitoring dashboard so the event management or incident management teams didn't action it properly.
E) Someone low on the triage ladder closed the alerts as not actionable, or worse, held the alerts their name and never did anything with them because there wasn't a documented process in place for what to actually do with that alert, aside from telling the customer X thing is red.
F) There's a bug in the monitoring tool that nobody got around to fixing yet because it's for a class of device that not a lot of clients have.
Click to expand...
Are you using Solarwinds or something to do this?
 
Mist

Mist

REEEEeyore
<Gold Donor>
31,218
23,426
TJT said:
Are you using Solarwinds or something to do this?
Click to expand...
Something like that, yeah. At the new employer, we have a few different remote monitoring tools (that often double as remote access gateways) that can be installed in customer environments, that then aggregate alerts up to master dashboards for each customer, which then have an integration to open event tickets in our ITSM platform, which can be escalated to incidents during triage.

I don't really touch as much of this stuff as I did at my old employer though.
 
  • 1Like
Reactions: 1 user
Conefed

Conefed

Blackwing Lair Raider
2,850
1,702
First semester of classes is almost over, finished Linux tonight.

Two big projects and two tests remaining

Look for scholarships and job and sign up for spring semester is next
 
  • 1Like
Reactions: 1 user
Mist

Mist

REEEEeyore
<Gold Donor>
31,218
23,426
Conefed said:
First semester of classes is almost over, finished Linux tonight.

Two big projects and two tests remaining

Look for scholarships and job and sign up for spring semester is next
Click to expand...
It's not too late to do something useful and fulfilling with your life.
 
  • 2Like
Reactions: 1 users
Conefed

Conefed

Blackwing Lair Raider
2,850
1,702
I'm a dork
I like stat blocking

Assigning ip addresses and stuff scratches that itch in an indirect way
 
Conefed

Conefed

Blackwing Lair Raider
2,850
1,702
Using Packet Tracer, I'm trying to communicate to CISCO.com, a named server.

From a PC, I can both ping the address for CISCO.com and the name "cisco.com"
Likewise, I can ping the address and name for the dns server.

from the dns server, I can ping everything also.

from the PC, nslookup and tracert work

but from the PC's web browser widget, "host name unresolved"

What am I overlooking?
 
Mist

Mist

REEEEeyore
<Gold Donor>
31,218
23,426
Conefed said:
Using Packet Tracer, I'm trying to communicate to CISCO.com, a named server.

From a PC, I can both ping the address for CISCO.com and the name "cisco.com"
Likewise, I can ping the address and name for the dns server.

from the dns server, I can ping everything also.

from the PC, nslookup and tracert work

but from the PC's web browser widget, "host name unresolved"

What am I overlooking?
Click to expand...
Proxy settings in the browser configured incorrectly?
 
Conefed

Conefed

Blackwing Lair Raider
2,850
1,702
Had friend in area come over and the shit started working like it hadn't for the past two hours

/facepalm
 
  • 1Like
Reactions: 1 user
Voyce

Voyce

Shit Lord Supreme
<Donor>
8,252
29,307
Paraphrase:

Me: Dev X is getting in the way of Devs Y and Z making the deadlines for these extremely aggressive deliverables, requesting contract changes for minor spelling, cosmetic format changes errors etc...

Boss: I don't fault Employee Y, we should have those corrected

Me: It can wait until after the Deliverables are met

Boss: If it's not done now then it will never get done

Me: You're right, we should stop hiring H1B1 Visa's who can't speak or write English, and leveraging their tentative legal work status as a means to gouge them to work hours past the clock, as opposed to offering overtime to more competent Devs who we would have to subsequently pay more. Or more productively, pushing back at our Users who pissed away three months of our Development for some crappy Business Rules.

Boss: ...

Me: Please do the needful
 
Last edited:
  • 3Like
  • 2Worf
  • 1Solidarity
Reactions: 5 users
TJT

TJT

Mr. Poopybutthole
<Gold Donor>
42,797
109,251
I've been having to train a guy in India for some stuff. He's okay but I think my main gripe is apprehension. Like they want constant checks and rechecks on things they do before they actually do them. So it requires more management time than I would like to get things done. Even their senior people do this.

Also within the next quarter I am hiring the following: Business Intelligence Analyst, Senior Business Analyst for a Data Analytics and Governance team. I don't think a 100% remote offering is allowed. However the offering is extended to all of our offices so if you're in SoCal, Austin, or Boston and are interested PM me I'll give you the rundown.
 
  • 1Quality Calories
Reactions: 1 user
TJT

TJT

Mr. Poopybutthole
<Gold Donor>
42,797
109,251
TomServo TomServo I want to change my opinion on Google Cloud Platform. While its UI and UX suck and I hate a lot of shit about it. GCP is second to none on its ability to process shitloads of data. We're talking petabytes at a time. Even with the largest offering on Snowflake that will take forever. GCP torques that shit out in 10 minutes and charges you for the processing power but you don't have to be on enterprise accounts or anything to get it. It just adjusts as you need it.

Which AWS, Azure, and Snowflake don't do. So I can see when its good to have. Everything else about it is still awful.
 
  • 1Mother of God
Reactions: 1 user
TomServo

TomServo

<Bronze Donator>
6,996
9,937
Thats good to hear. I'm currently fighting with a splinter group that were exiled from our DI team, who have been running a rogue Power BI datawarehouse on prem, and now want to rush a production redshift deployment. I killed it one time back in july. they back with a self imposed deadline of monday. So i just pulled in our deputy general counsel, privacy officer and am going to smash their skulls in.
 
  • 2Like
  • 1Worf
Reactions: 2 users
You must log in or register to reply here.