Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. GreenBeret

    GreenBeret Member

    Joined:
    Dec 31, 2001
    Messages:
    19,370
    Location:
    Melbourne
    I'm sure the main reason we (my workplace) haven't been hacked to pieces is because we don't actually do anything important or valuable here. :lol:

    The areas my team manage do our own security, thankfully, and we're fighting to keep it that way.
     
  2. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682

    Degrees in IT are worthless, please factor that in.


    On slow days I play with traffic flows and encryption for traffic that flows over our IDS just to mess with the security guys.

    One of our security guys was racking some IPS/IDP device in our lab rack, and the rack has a switch in the middle and the cables are already plugged in and ready to go, just grab one of the free ones.

    Next day I come in and go to use the lab and find it's totally fucked... go in and the lab switch with its 12 already plugged cat5 cables hanging unused and the new IDP device plugged in via a red cable..
     
    Last edited: Sep 5, 2013
  3. GreenBeret

    GreenBeret Member

    Joined:
    Dec 31, 2001
    Messages:
    19,370
    Location:
    Melbourne
    When in doubt, just unplug everything. What can go wrong? :p
     
  4. mwil7034

    mwil7034 Member

    Joined:
    Jan 15, 2003
    Messages:
    612
    Location:
    Woy Woy
    Yeah IT has gone downhill faster in the last 5 years I think, particularly in finance. I've been in IT for about 12 years now and I think it may be time for me to move on.

    For example, I have seen some pretty messed up shit from individuals pulling in 150k+ in my current workplace:

    - Mounting volumes on /
    - Dropping iptables/firewalls repeatedly and locking out access.
    - Spawning processes from while true loops and exhausting resources
    - running large Prod envs on DHCP (4000+ machines)
    - Everyone appears unable to configure a JVM to use less than 200% of the available resources.
    - log file management DOES NOT EXIST. If I have to log onto another server to clear logs I will seriously remove the entire drive/volume.
    - Reverse DNS zones broken for 12+ months in Prod without anyone noticing
    - chmodding / to 777
    - resetting systemwide umask to allow a service to read log files
    - using cygwin to manage Windows hosts for a couple of thousand machines
    - 24GB of swap for virtual instances with 2GB of memory
    - Alerts for cache usage yet swap usage alerts disabled
    - Nightly reboots of Tier 1 critical apps that rely on tier 3 components responding and is not monitored
    - Some idiot thought giving 2000+ individuals all root access was a sane idea. Same individuals agreed to give the same level of access to ~4 other external companies with thousands more employees.
    - CMDB completely useless, can't even search by IP! There are no network maps in the place either.
    - Disabling every damn ssl/tls configuration to simplify things
    - rpms built out of a tarball of rpms which are built out of more tarballs of rpms. freakin rpm inception
    - developer init scripts that clobber configurations repeatedly and break auth, auditing, ssh access etc
    - Nearly every script exits 0 regardless in this workplace! ie silently fail
    - Every component has been outsourced and ownership devalued so far it often takes 6 months or more to perform simple tasks such as reset passwords or even rectify production issues! ffs

    That's just a short list of things I dealt with the last couple of days that I can remember but the list is never ending. It was comical for the first 6 months, I've since gotten to the point where I float between rage and apathy depending on the commute in!
     
  5. SilentLeges

    SilentLeges New Member

    Joined:
    Mar 20, 2012
    Messages:
    482
    Doesn't chmodding 777 basically give everyone god like access to the directory?

    I am only young in the industry but I can see it's going downhill fast if we continue down this track. IT wasn't my first career choice, I almost became a copper and thinking about it would've loved to do drug enforcement.
     
  6. mwil7034

    mwil7034 Member

    Joined:
    Jan 15, 2003
    Messages:
    612
    Location:
    Woy Woy
    Yeah exactly, they couldn't ssh to the instance afterwards, also because SSH will refuse to accept connections with public readable keys etc, pretty much fubars the server, told them I wasn't fixing it as it was self inflicted and completely idiotic.
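
The SSH lockout described in the post above can be checked for before a reboot or sshd restart exposes it. This is an added example, not part of the thread: with `StrictModes` on (the OpenSSH default), sshd ignores `authorized_keys` when the home directory, `~/.ssh` or the file itself is group- or world-writable, and it will not load a private host key that group or other can access. The function names and the paths in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: list paths whose modes sshd would reject, e.g. after a
# recursive chmod 777. Function names are hypothetical, not from any tool.

# True when $1 is writable by group or other (rejected by StrictModes for
# the home directory, ~/.ssh and authorized_keys).
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# True when $1 has any group/other permission bit set (too open for a
# private host key).
is_open_to_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# audit_ssh_modes HOME_DIR HOSTKEY_DIR
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_ssh_modes() {
    home=$1 keydir=$2 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_group_or_world_writable "$p"; then
            echo "StrictModes: $p is group/world-writable"
            bad=1
        fi
    done
    for k in "$keydir"/ssh_host_*_key; do
        [ -f "$k" ] || continue
        if is_open_to_others "$k"; then
            echo "host key: $k is accessible by group/other"
            bad=1
        fi
    done
    return $bad
}

# Usage (paths are assumptions): sh audit.sh /home/alice /etc/ssh
if [ "$#" -eq 2 ]; then
    audit_ssh_modes "$1" "$2"
fi
```
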
     
  7. chip

    chip Member

    Joined:
    Dec 24, 2001
    Messages:
    3,906
    Location:
    Pooraka Maccas drivethrough
    Can you expand on why using DHCP on a network with thousands of hosts is a bad thing? It's not prima facie absurd like chmod'ing 777 on the root directory.
     
  8. Shags

    Shags Member

    Joined:
    Jul 29, 2004
    Messages:
    1,779
    Location:
    Melbourne
    I'd also like to hear this one... Changing DNS Settings or gateways manually on 4000 hosts doesn't sound like fun..
     
  9. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,730
    Location:
    Brisbane

    I think he was hinting at breaking the network down in to smaller subnets instead of having 4000+ DHCP requests coming through on the one network, imagine the noise on that network, unless I also missed the point he was trying to make.
     
  10. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,305
    You can use DHCP relay/helper to have a single DHCP server hand out IP addresses to non-local subnets.
     
  11. mwil7034

    mwil7034 Member

    Joined:
    Jan 15, 2003
    Messages:
    612
    Location:
    Woy Woy
    Ah because they are left dhcp'd and not statically bound to that IP over the lifetime of the server. These are servers not desktops etc. The leases are lost from time to time and/or the machines reregister on other IPs. It's a nightmare.

    So many times firewall rules for new networks etc break or the DHCP relays fail etc and we have 100s of machines disappear from the network :( Oh, the lease time is set to 15 mins.

    Agreed DHCP is handy for configuring DNS and hostnames etc but that's what puppet is for (clarify: after the fact, ie once it's running)! If you wish to rely on DHCP use it for onboarding only and write the static IP to the instance upon first boot. There is no need to leave it relying on DHCP indefinitely!
     
    Last edited: Sep 6, 2013
  12. chip

    chip Member

    Joined:
    Dec 24, 2001
    Messages:
    3,906
    Location:
    Pooraka Maccas drivethrough
    Yeah, whoever's responsible for that mess needs to spend some time in the room of mirrors having a good, hard look at themselves.
     
  13. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,420
    Location:
    Narrabri NSW
    I figured servers when I read it... Nothing like a server using DHCP... Except maybe a printer that goes missing when it gets a new IP.
     
    Last edited by a moderator: Sep 11, 2013
  14. FiShy

    FiShy Member

    Joined:
    Aug 15, 2001
    Messages:
    9,682
    People wanting proactively monitored QoS queues... :(
     
  15. IACSecurity

    IACSecurity Member

    Joined:
    Jul 11, 2008
    Messages:
    760
    Location:
    ork.sg
    I need an appliance to do anything/everything, and it must be an "appliance".
     
  16. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,156
    Location:
    Canberra
    New one? or Old one.

    They are both shithouse, just the new one is more spectacularly so. Although I was told that the service pack restores the pre 2012 functionality...
     
  17. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    9,277
    Location:
    Briz Vegas
    Outsourcing to foreign countries because it will "save" money, then complain about the level of service provided.
     
  18. TheAvatar

    TheAvatar Member

    Joined:
    Jul 18, 2006
    Messages:
    838
    Location:
    2580
    Everything I am expected to do on a daily basis... Damn end users... ;p
     
  19. Swathe

    Swathe (Banned or Deleted)

    Joined:
    Mar 23, 2007
    Messages:
    2,509
    Location:
    Rockhampton
    This times a billion.

    I hate BE with a passion.

    Been enjoying shadow protect the last few weeks, deployed along with some RDX drives for smaller clients to do offsite backups. Their imaging and restoring from stuff has worked flawlessly for me so far.
     
  20. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,730
    Location:
    Brisbane
    Restored SBS\Exchange, I couldn't get the information store to mount
     
