Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
My mom died when I was 7, after which my dad bought me a Commodore 64 so I had something to lose myself in during the mourning process.
I learned everything about that system, from my first GOTO statement to sprite buffers, to soldering my own EPROM cartridges. My dad didn't deal with the loss so well, and became a missing person 5 years later when I was 12.
I got into foster care with a bunch of strict religious cultists who wouldn't allow electronics in the house.
So I ran away at 14, sub-rented a closet in a student apartment using my orphan benefits and bought a secondhand IBM computer. I spent about 16 hours a day learning about BSD and Linux, C, C++, Fortran, ADA, Haskell, Livescript and even more awful things like Visual Basic, ASP, Windows NT, and Active Directory.
I faked my ID (back then it was just a laminated sheet of paper), and got a job at 15-pretending-to-be-17 at one of the first ISPs in my country. I wrote the firmware and admin panel for their router, full of shitty CGI-bin ASP code and vulnerabilities.
That somehow got me into a job at Microsoft, building the MS Office language pack for my country, and as an official "conflict resolver" for their shitty version control system. Yes, they had fulltime people employed just to resolve VCS conflicts.
After that I worked at Arianespace (X-ray NDT, visualizing/tagging dicom scans, image recognition of faulty propellant tank welds), and after that I switched to biotech, first phytogenetics, then immunology, then pharmacokynetics.
In between I have grown & synthesized and sold large quantities of recreational drugs, taken care of some big felines, got a pilot license, taught IT at an elementary school, renovated a house, and procreated.
A lot of it was to prove myself to the world -- prove that a nearly-broke-orphan-high-school-dropout could succeed at life.
But hey, now I work for a "startup", so I guess I failed after all.23 -
More sysadmin focused but y’all get this stuff and I need a rant.
TLDR: Got the wrong internship.
Start working as a sysadmin/dev intern/man-of-many-hats at a small finance company (I’m still in school). Day 1: “Oh new IT guy? Just grab a PC from an empty cubicle and here’s a flash drive with Fedora, go ahead and manually install your operating system. Oh shit also your desktop has 2g of ram, a core2 duo, and we scavenged your hard drive for another dev so just go find one in the server room. And also your monitor is broken so just take one from another cubicle.”
Am shown our server room and see that someone is storing random personal shit in there (golf clubs propped against the server racks with heads mixed into the cabling, etc.). Ask why the golf clubs etc. are mixed in with the cabling and server racks and am given the silent treatment. Learn later that my boss is the owners son, and he is storing his personal stuff in our server room.
Do desktop support for end users. Another manager asks for her employees to receive copies of office 2010 (they’re running 2003 an 2007). Ask boss about licensing plans in place and upgrade schedules, he says he’ll get back to me. I explain to other manager we are working on a licensing scheme and I will keep her informed.
Next day other manager tells me (*the intern*) that she spoke with a rich business friend whose company uses fake/cracked license keys and we should do the same to keep costs down. I nod and smile. IT manager tells me we have no upgrade schedule or licensing agreement. I suggest purchasing an Office 365 subscription. Boss says $150 a year per employee is too expensive (Company pulls good money, has ~25 employees, owner is just cheap) I suggest freeware alternatives. Other manager refuses to use anything other than office 2010 as that is what she is familiar with. Boss refuses to spend any money on license keys. Learn other manager is owners wife and mother of my boss. Stalemate. No upgrades happen.
Company is running an active directory Windows Server 2003 instance that needs upgrading. I suggest 2012R2. Boss says “sure”. I ask how he will purchase the license key and he tells me he won’t.
I suggest running an Ubuntu server with LDAP functionality instead with the understanding that this will add IT employee hours for maintenance. Bosses eyes glaze over at the mention of Linux. The upgrade is put off.
Start cleaning out server room of the personal junk, labeling server racks and cables, and creating a network map. Boss asks what I’m doing. I show him the organized side of the server room and he says “okay but don’t do any more”.
... *sigh* ...20 -
TLDR: In defense of Powershell - the rant:
I don’t get the Powershell hate.
You don’t hate a screwdriver for not being able to turn a nut, you just *don’t use a screwdriver to turn a nut*
Once you recognize what the tool is good for and you don’t try to use it like Bash, it’s wildly powerful, and satisfying to use in a way Cmd.exe never was.
Cygwin or a Linux Subsystem can only go so far on a Windows computer. You’re dealing with two fundamentally different OS architectures. It makes sense you’d need different tools.
And like it or not, Microsoft owns the non-tech-user desktop , corners the non-tech server business market, and Active Directory is THE tool for managing Windows desktops on a large scale - So Wanblows is not going away anytime soon.
Automation without some weird ass sysVol batch login script is finally possible. Anyone who knows .Net classes can leverage their methods from directly within Powershell. Remote management of headless Windows servers is now a reality. If you have an Office 365 Exchange server you can literally Powershell remote to it for management, just like your favorite cloud hosted Linux distribution.
No one said Windows is a better OS, but an object based shell on an object based OS *makes sense*. It’s useful for its environment. Let it be.10 -
Just inherited a web application, worst security ever, all it does is call an unsecured application that does an active directory call, verifies the user name exists and then grants the role that the username is assigned. That is it oh and if you can find your way into the admin panel anyone can edit anyone else's role.
Come to find out this application got the dev who designed it a promotion to lead.
5 -
So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.
I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".
What I did?
I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.
Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.
Moral of lesson: make sure your IT secures everything in place.1 -
New position at work. Lots of power in regards to tech stacks of my choice.
I feel like Neo.
First project was finished in a week using Clojure. A basic application that would automate the process of adding our students into a particular active directory system in which many other things happen at the same time including updates to pins and other shit as well as networking and wifi permissions. Works fast as fuuuuuuuuuck, the alternative existed(somewhat) in php and while there was nothing wrong other than speed I wanted to show the head of my department what i could do.
It was anticlimactic as fuck. I thought it was gonna take me longer. It fucking didn't and i am glad as shit. It is now working like an absolute powerhouse in its own environment and being monitored by the sys admins, they loved how easy it was to deploy and how well behaved it is.
The head of the department is impressed as fuck and the board of directors got a hold of it. Reason being that I am being displayed as some sort of wizard that used ancient alien tech in the 21st century.
Fuck yes, major win.
I also get to add Clojure to my resumee. Hod even said that if needed be they will rethink my salary to add the fact that i get to use this tech where no one else can.11 -
This one's for all the SysAdmins out there.
About 4 years ago I was asked to take over a dental offices systems administration (~20 machines) after their previous guy had allowed their servers RAID 1 to fail and hadn't done any updates or general maintenance. (please take note this office is my parents dental office).
I since have been recovering from his poor configuration and setup by instating an active directory environment and installing up to date software as well as updating machines on the domain to Windows 10 since windows 7 is no longer supported. I have also been properly licensing everything.
My bosses (my parents) are annoyed with this because "it's more expensive" and "it's too complicated we don't know how to manage it" and I don't know how to explain to them that they aren't fucking systems admins. They asked why they could do it before and I tried to explain that now it's secure and things need to be rolled out on the network level. They had every user running full local admin on every workstation plus the server.
Some people don't fucking understand that just because it's simple doesn't make it a good fucking idea. And because it's cheap doesn't mean it will always be (just wait till Microsoft audits you).
Oh and they also don't understand fucking CAL licensing and refuse to pay for gsuite for all their staff who use it. Instead they just have two gsuite accounts and give everyone the fucking password.
I'm going to have an aneurysm5 -
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
It wasn't.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.2 -
TLDR: There’s truth in the motto “fake it till you make it”
Once upon a time in January 2018 I began work as a part time sysadmin intern for a small financial firm in the rural US. This company is family owned, and the family doesn’t understand or invest in the technology their business is built on. I’m hired on because of my minor background in Cisco networking and Mac repair/administration.
I was the only staff member with vendor certifications and any background in networking / systems administration / computer hardware. There is an overtaxed web developer doing sysadmin/desktop support work and hating it.
I quickly take that part of his job and become the “if it has electricity it’s his job to fix it” guy. I troubleshoot Exchange server and Active Directory problems, configure cloudhosted web servers and DNS records, change lightbulbs and reboot printers in the office.
After realizing that I’m not an intern but actually just a cheap sysadmin I began looking for work that pays appropriately and is full time. I also change my email signature to say “Company Name: Network Administrator”
A few weeks later the “HR” department (we have 30 employees, it’s more like “The accountant who checks hiring paperwork”) sends out an email saying that certain ‘key’ departments have no coverage at inappropriate times. I don’t connect the dots.
Two days later I receive a testy email from one of the owners telling me that she is unhappy with my lack of time spent in the office. That as the Network Administrator I have responsibilities, and I need to be available for her and others 8-5 when problems need troubleshooting. Her son is my “boss” who is rarely in the office and has almost no technical acumen. He neglected to inform her that I’m a part time employee.
I arrange a meeting in which I propose that I be hired on full time as the Network Administrator to alleviate their problems. They agree but wildly underpay me. I continue searching for work but now my resume says Network Administrator.
Two weeks ago I accepted a job offer for double my current salary at a local software development firm as a junior automation engineer. They said they hired me on with so little experience specifically because of my networking background, which their ops dept is weak in. I highlighted my 6 months experience as Network Administrator during my interviews.
My take away: Perception matters more than reality. If you start acting like something, people will treat you like that.2 -
I """""accidentally"""'" found some security holes in my school's Windows public computer setup.
Every student and teacher has a personal Active Directory, obviously they should be able to only see their own right?
oh wait the directory up button in explorer shows me all of them and I have r/w access to teacher and student ADs.
That's cool.
Also, the command prompt, Run prompt ad Explorer path bar are disabled...
...but batch scripts work.
Sweet.
Surely I can't do something dumb like--- oh, regedit's blocked but not the reg command.
They use the-- WHY IS GPEDIT NOT BLOCKED
Well what the fuck.
(All of this was responsibly handled by emailing the tech department. They have an email just for this! ...got a bounceback "this person is no longer employed at XYZ School.")6 -
I might be fucked up, but I have a tendency to gravitate towards the shit that everyone else dislikes for the sake of knowing if their bias against is actually because shit is truly fucked up or if shit is legit plain WRONG.
From all technologies that I have worked with professionally I can count:
Java(currently in the form of old JSP services for an "enterprise level application")
Java for Android development - i was the lead engineer for a mobile project
Swift with IOS dev, same gig as the above.
C++ for Android development in the form of OpenCV with Java as well.
Javascript in all possible forms, basic input validation, ajax services, jquery datatables, jquery animations and builders.
Css/sass heavily
Clojure for an ldap active directory application
Python for glue scripts
Classic ASP with JScript and VBScript
VB Net forms
C# For ASP.NET MVC
Bootstrap for multiple intranet frontends
Node+Express for a logistics warehouse management tool
Ruby on Rails freelancing small gigs
Php in all ways possible from complete standalone php apps to Laravel and just php+composer apps aaaaall the way to wordpress
Django consulting
I have found that the one that I dislike the most is wordpress. And the one that I like working with the most is Node. Don't know why, i just do really fucking like messing around with Javascript, the language has changed a fuckload throughout the years and continues to increase and change. It was my first scripting language following a stint in me trying to learn cpp way when i was starting and royally FAILING
Never really got the hate for it, even when I used JScript with classic ASP i just enjoy working with Javascript a lil too much. And from all the above mentioned stacks safe from Php is the one, or one of the ones in which i don't royally suck :V3 -
Have a couple I want to air today.
First was at my first gig as a dev, 4-5 months out of school. I was the only dev at a startup where the owner was a computer illiterate psycopath with serious temper tantrums. We're talking slamming doors, shouting at you while you are on the phone with customers, the works...
Anyways, what happened was that we needed to do an update in our database to correct some data on a few order lines regarding a specific product. Guess who forgot the fucking where-clause... Did I mention this boss was a cheap ass, dollar stupid, penny wise asshole that refused to have anything but the cheapest hosting? No backups, no test/dev/staging environment, no local copies... Yeah, live devving in prod, fucking all customers with a missing semi-colon (or where clause).
Amazingly, his sheer incompetance saved my ass, because even if I explained it, he didn't get it, and just wanted it fixed as best we could.
The second time was at a different company where we were delivering managed network services for a few municipalities. I was working netops at that time, mostly Cisco branded stuff, from Voice-over-IP and wifi to switches and some routing.
One day I was rolling out a new wireless network, and had to add the VLAN to the core switch on the correct port. VLAN's, for those who don't know, are virtual networks you can use to run several separated networks on the same cable.
To add a VLAN on a Cisco switch one uses the command:
switchport access vlan add XYZ
My mistake was omitting the 'add', which Cisco switches happily accept without warning. That command however can be quite disruptive as it replaces all of the excisting VLAN's with the new one.
Not a big deal on a distribution switch supplying an office floor or something, but on a fucking core switch in the datacenter this meant 20K user had no internet, no access to the applications in the DS, no access to Active Directory etc. Oh and my remote access to that switch also went down the drain...
Luckily a colleague of mine was on site with a console cable and access to config backups. Shit was over within 15 minutes. My boss at that time was thankfully a pragmatic guy who just responded "Well, at least you won't make that mistake again" when we debriefed him after the dust settled. -
In an application that everyone in production floor used... I made some "improvements"... Next I know I get tons of tickets because is really slow... Like 20 minutes waiting and it doesn't load... I try with my user in their computers and it loads instantly... Puzzled... After trying in many computers my user loads instantly... Oops... I left a if(user = "me") skip all active directory checks 🙄... Made all production floor lose about 3 hours 😆 because I didn't believe 😛2
-
Today I'm ranting about Windows. No, it's not "WiNdOwS sUcKs!", it's more like "But why!?"
See, I'm an IT guy for the year, and in my office they use Windows. Now once upon a time, they had Active Directory and all that (well, actually, they still do) but then they got some new computers running Windows 10, and for some reason they just couldn't join them to the domain!
Why can't they, you ask? Well, Microsoft only allows Win 10 Pro and up to join a Domain, and since these computers came with Win 10 Home, that wasn't possible.
Long story short, I now have some 30 computers that need to be upgraded (possibly from 7) to Win 10 Pro, and joined to the Domain.
Thing is, I would like to do that all in one go, so I look into how to automatically setup Windows.
"Ah! Got it, provisioning packages!"
Lest you think they work let me spare you now: they don't. Just like real computers where everything is different, provisioning packages failed to work twice, and after wasting about a week trying to make it work, I gave up.
So now I realized that I need to try a different method, a custom windows image. Issue is, I've got no clue how to make one. See, microsoft decided to go all in on the provisioning packages thing (they do have advantages in certain use cases), and seemed to decide that making custom images was no longer necessary, so they documentation was nearly impossible to find.
But after a lot of searching, I figured out how to do it:
1. Install Windows in a VM.
2. Put it in audit mode.
3. Install your stuff.
4. Create an unattend.xml file with certain customizations.
5. Put the unattend in Windows\System32\Sysprep
6. Generalize the image.
7. Boot WinPE.
8. Open the console.
9. Capture the image.
10. Wait an hour or two.
11. Done!
I'm over simplifying, it was a huge PITA, and yet there were still issues.
Maybe another time I'll talk about those.22 -
Storytime!
I got a ticket near the end of the day, asking to install a printer on a computer. The branch in question was in a different time zone (I'm in US-Pacific [GMT-07] and the computer was in US-Eastern [GMT-04]). I figured I wouldn't worry about it; after all, I had other tickets to work on that were much higher priority.
The next day I come into work and immediately get a message from one of my East Coast coworkers, telling me that this branch is calling and asking how the printer is coming. I told him to tell them I would call them a bit later. I do a couple of easy jobs and then begrudgingly call the branch. I listen to the phone tree that they have (which requires two button presses instead of one in order to speak with someone) and finally get in contact with a person... only to have the call disconnect.
I call back and ask for the person who called in the ticket and then followed up, who had apparently gone to lunch. I informed the person that I was just going to install the printer and it would be good to go. This would be fine... up until she mentioned she needed scanning functionality.
Now I wasn't sure if the driver we have in AD is set up with the scan functionality, so I said okay, but that meant I would have to get the driver from the website. The connection to our branches are about 1Mbps, so even downloading Java updates (60-ish MB) take about 5-10 minutes on a good day. The file for this printer was about 700MB (thanks HP). So I went and did other stuff while that downloaded.
I come back after it finished and started the install process. Right away it asks to re-seat the USB cable. So I call the branch. The call disconnects. I call again. It disconnects. I call one more time, and finally get the person who called the ticket in. I instruct him to re-seat the cable. He does. The driver starts doing its thing. I tell him I'll call back if I run into any issues and we hang up.
The driver goes through the install process for about 20 minutes, stops at 99%, then fails. I want to restart the computer, just in case there's a conflict somewhere, but that would require calling the store again, so I put it off.
About an hour later I get a message from another East Coast coworker, telling me the branch is calling about the printer again. I was in the middle of another call and said I would call back later. I do. It disconnects. I call again, and get the person who called the ticket in again. I tell him I want to restart the computer, but wasn't sure if it was okay. He checks with the people using it, who says it's okay, so I reboot. I hang up.
Once the computer comes back up I start the install process again. It asks to re-seat the cable. Fuck. I don't want to call the store again, so I open notepad and say "Please take out the printer's USB connection from the back of the computer."
Three. Fucking. People. Saw it. They moved the window and one even tried to close it, but they didn't re-seat the cable. I opened another window, telling them to call me at my number. They didn't. I called them. Got disconnected. I called them again, finally got someone, told them to re-seat the printer cable again. They do, thank god.
I say thank you and hang up. Continue the installer. It stops at 99% again and fails. I reboot the computer; screw it, I'm just going to install the driver from Active Directory. Check Devices and Printers. It's installed successfully. Hallelujah!
I get the printer set up for the various programs they use and print a test page. I call them one last time; their phone system sounding like they were connected via an underwater line connected by tin cans. I get someone.
$me: Hi, I want to know if the printer has printed something.
$them (garbled): -et me shee... yesh, it -rint-d a *beezelborp*.
$me: Perfect, I'm going to close this ticket! Thanks, goodbye! *hangs up*
tl;dr - I hate printers -
The wage for the publishing company is too low to my liking (see previous rant), has so many asterisks when it comes to payment that it's downright shady, and I'd rather work for a company that follows European standards and is located in Europe anyway. So I've started to look again for sysadmin jobs.
Came across this fucking site, because apparently Glassdoor is down for maintenance (maybe those guys could use another sysadmin as well, hmm? 🤔)
https://totaljobs.com/jobs/...
"5 Linux Systems Administrator jobs in Belgium + 10 miles"
Alright, excellent! Let's see what they are!!!
- Active Directory administrator, wage unspecified.
- Senior VMware administrator, wage unspecified.
- Freelance Windows administrator, wage unspecified.
- Application services PM (i.e. DevOps), freelance, €500/day.
- System applications manager, requirements clearly noting Windows systems but why on Earth would you put that in the title?
Well thank you mate, useless shitsite. Do you see that none of these jobs have anything to do with Linux? Thanks you bastard, totaljobs.com! Time well spent, don't you think? 😑5 -
EoS1: This is the continuation of my previous rant, "The Ballad of The Six Witchers and The Undocumented Java Tool". Catch the first part here: https://devrant.com/rants/5009817/...
The Undocumented Java Tool, created by Those Who Came Before to fight the great battles of the past, is a swift beast. It reaches systems unknown and impacts many processes, unbeknownst even to said processes' masters. All from within it's lair, a foggy Windows Server swamp of moldy data streams and boggy flows.
One of The Six Witchers, the Wild One, scouted ahead to map the input and output data streams of the Unmapped Data Swamp. Accompanied only by his animal familiars, NetCat and WireShark.
Two others, bold and adventurous, raised their decompiling blades against the Undocumented Java Tool beast itself, to uncover it's data processing secrets.
Another of the witchers, of dark complexion and smooth speak, followed the data upstream to find where the fuck the limited excel sheets that feeds The Beast comes from, since it's handlers only know that "every other day a new one appears on this shared active directory location". WTF do people often have NPC-levels of unawareness about their own fucking jobs?!?!
The other witchers left to tend to the Burn-Rate Bonfire, for The Sprint is dark and full of terrors, and some bigwigs always manage to shoehorn their whims/unrelated stories into a otherwise lean sprint.
At the dawn of the new year, the witchers reconvened. "The Beast breathes a currency conversion API" - said The Wild One - "And it's claws and fangs strike mostly at two independent JIRA clusters, sometimes upserting issues. It uses a company-deprecated API to send emails. We're in deep shit."
"I've found The Source of Fucking Excel Sheets" - said the smooth witcher - "It is The Temple of Cash-Flow, where the priests weave the Tapestry of Transactions. Our Fucking Excel Sheets are but a snapshot of the latest updates on the balance of some billing accounts. I spoke with one of the priestesses, and she told me that The Oracle (DB) would be able to provide us with The Data directly, if we were to learn the way of the ODBC and the Query"
"We stroke at the beast" - said the bold and adventurous witchers, now deserving of the bragging rights to be called The Butchers of Jarfile - "It is actually fewer than twenty classes and modules. Most are API-drivers. And less than 40% of the code is ever even fucking used! We found fucking JIRA API tokens and URIs hard-coded. And it is all synchronous and monolithic - no wonder it takes almost 20 hours to run a single fucking excel sheet".
Together, the witchers figured out that each new billing account were morphed by The Beast into a new JIRA issue, if none was open yet for it. Transactions were used to update the outstanding balance on the issues regarding the billing accounts. The currency conversion API was used too often, and it's purpose was only to give a rough estimate of the total balance in each Jira issue in USD, since each issue could have transactions in several currencies. The Beast would consume the Excel sheet, do some cryptic transformations on it, and for each resulting line access the currency API and upsert a JIRA issue. The secrets of those transformations were still hidden from the witchers. When and why would The Beast send emails, was still a mistery.
As the Witchers Council approached an end and all were armed with knowledge and information, they decided on the next steps.
The Wild Witcher, known in every tavern in the land and by the sea, would create a connector to The Red Port of Redis, where every currency conversion is already updated by other processes and can be quickly retrieved inside the VPC. The Greenhorn Witcher is to follow him and build an offline process to update balances in JIRA issues.
The Butchers of Jarfile were to build The Juggler, an automation that should be able to receive a parquet file with an insertion plan and asynchronously update the JIRA API with scores of concurrent requests.
The Smooth Witcher, proud of his new lead, was to build The Oracle Watch, an order that would guard the Oracle (DB) at the Temple of Cash-Flow and report every qualifying transaction to parquet files in AWS S3. The Data would then be pushed to cross The Event Bridge into The Cluster of Sparks and Storms.
This Witcher Who Writes is to ride the Elephant of Hadoop into The Cluster of Sparks an Storms, to weave the signs of Map and Reduce and with speed and precision transform The Data into The Insertion Plan.
However, how exactly is The Data to be transformed is not yet known.
Will the Witchers be able to build The Data's New Path? Will they figure out the mysterious transformation? Will they discover the Undocumented Java Tool's secrets on notifying customers and aggregating data?
This story is still afoot. Only the future will tell, and I will keep you posted.6 -
The new company I'll work in told me that I have to use windows because they have an ad and Linux login does not work proper with it...4
-
A swedish insurance company has two different solution for logging in to their system.
1. An advanced high security single sign on solution involving active directory, verification of the network the request came from etc etc.
2. Using a link and passing your credentials in the query string!!! Like: insurancecompany.com?username=admin&password=password.
Solution 2 works with admin accounts from anywhere.4 -
Sometimes I have to work with physical hardware. There are over 300 machines in our lab, split among two subnets. But for some reason, I can never access my machines by hostnames.
Every other week, there's an IP conflict on this network, requiring me to log into the active directory server and delete old DNS entries. This usually happens because someone decided to deploy 64 VMs on a huge server, all at once, didn't boot them with a delay, let alone with with a warning to IT.
Then when my superior asks how my progress has been and I respond with "I can't even get the machines to ping each other by hostname, there's something wrong with the DNS:, I get the following response: "HOW COME NOBODY ELSE IS HAVING PROBLEMS WITH THIS. YOU'RE FULL OF SHIT", from someone who spends 90% of the year abroad, working remotely.5 -
I've been using the Square REST API and I spent one hour thinking there was something wrong in my code until I f** found that THEY were not following OAuth 2 guidelines, which made their workflow incompatible with the OAuth lib I was using, so I had to mark an exception for Square's OAuth from the rest of my OAuths. Specifically, RFC 6749 Section 4.2.2 and 5.1.
However, after reading OAuth 2 guidelines, I became angry at THEM instead. The parameter `expires_in` should be the "lifetime in seconds" after the response. This will always be innevitably inaccurate, since we are not taking into account the latency of the response. This is, however, not a huge problem, since the shortest token lifetimes are of an hour (like f** Microsoft Active Directory, who my cron jobs have to check every ten minutes for new access tokens). Many workflows (like Microsoft, Square, and Python's oauthlib) have opted to add the `expires_at` parameter to be more precise, which marks the time in UTC. However, there's no convention about this. oauthlib and Microsoft send the time in Unix seconds, but Square does this in ISO 8601. At this point, ISO 8601 is less ambigious. Sending a raw integer seems ambiguous. For example, JavaScript interprets integer time as Unix _milliseconds_, but Python's time library interprets it as _seconds_. It's just a matter of convention, a convention that is not there yet.
Hope this all gets solved in OAuth 2.1 pleeeaasseee
1 -
Went through changing Apple ID email. I have 💻,📱and⌚️.
Felt like that horror movie moment when protagonist tries to be stealthy but makes a noise and a huge mob of zombies turn heads all at once. For what I love apple, the simplicity, in the email changing process there is none of that.
They forced me to enter my 60 arbitrary obscure characters password on Apple Watch screen.
On the other hand I felt nostalgic. When I was using Linux this all was my day to day experience no matter the distro, and I got a Linux Foundation certificate, I contributed to Elementary. Can’t imagine the experience of a user who just switched to Linux.
Windows? I don’t want to think about that, let alone talking. You only need to know that I successfully configured a SoE setup AND active directory in ad-hoc unstable network of literally rusty old computers. And I still switched to Linux back then.4 -
I need to setup a Windows Server with an AD (and therefore an own domain) that can be reached from a Linux host for a test environment... Holy crap I totally forgot what a huge pain in the ass that crap is!
Pro Tip: If youre connected to a Server via VPN and RDP and you create a domain and subsequently get logged out from the server, you're fucked.2 -
I'm ashamed of it, but I want to share my tifu-story:
My colleague asked me if I could rename his windows user name because he married and changed his last name. I changed it in the Active Directory, but he got some problems when he wants to log on. On every startup his old name appears. Simpliest task. Let me google that.
Easy going, let me just change this registry entry. Reboot. Old behaviour. Okay, I changed some of the other entries. Reboot. Yeah, his new name appears. But wait a moment. Windows just nulled his entire user profile and deleted all the data. "oh, haha you have a backup, right?" - "no, I saved everything on the desktop, all my work is gone!"
But at the end, the boss was mad at HIM, because he doesn't used the file server or any backup system.
i am not a smart man5 -
TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.
I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:
-migrated their 2007 Exchange server to Office 365
-Upgraded their ailing Windows server 2003 based architecture to 2012R2
-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)
-Deployed a vCenter server to manage said ESXi servers easier
-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality
-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.
-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time
-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies
-Documented the entire old network and now the new one as I’ve been upgrading this
-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.
-Performed network scans and rewrote firewall exceptions to tighten security
There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.
I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.
I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.
I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?
Thanks in advance!6 -
My former employer refuses to pay out my vacation time per state law. Left a month ago but they have not disabled my company email account.
Small shop so no active directory but still shocked they have not disabled my access. It’s only outlook/ office 365 no access to network drives.
What kind of small, petty and (mostly) legal havoc can I cause?
Something annoying but causes no monetary damage.6 -
Okay so one of my friends got an offer for a more powerful server with 128GB RAM, ok processor because the current server load is high. When they got the offer of the new one I saw there was in the licenses part, Windows Server 2016. Which to me seems worst thing you can do for just using PHP, MySQL and nothing active directory or really windows specific. Can some of u please write in short why use linux for servers instead of shitdows. And it would clearly cost much less. Because I guess if other tell it they, the client, will agree...16
-
The coolest project that I have worked on is still a work in progress. It is a dashboard that uses signalR that integrates with team city, active directory and Google calendar. It's definitely one of the coolest things I have worked on to date.
-
So I’ve been working on a tool to do offline domain joining in an active directory for about a month in my company, and so far everything is functional and done EXCEPT that one thing.
Essentially to do an offline domain junction, you need an AD account that has sufficient privileges on the domain controller. It will then generate a key that you can use on the client machine to make the junction to the domain.
I have tried literally every possible option that I could think of and I cannot for the life of me figure out why the client machine does not accept the generated key. I’m using methods from the Netapi32.dll which are barely documented anywhere, I even searched on GitHub code references and I couldn’t find much… Theres also a tool called djoin.exe that supposedly does that, I’ve tried with that tool too, to no avail.
This is the last thing missing for the project to be complete, and it’s pretty essential as well…
So close yet so far….
If anybody here knows anything about that kind of stuff (admittedly very niche) I’ll take anything.
Note: I think I’ve browsed all the websites and forums referencing to these functions and the tool now… -
FUCK APPLICATION LEVEL FIREWALLS!
So i cam online today, thought already lets open the shitty outlook webmail client. Holy crap .... thats way to much mails. Many of them are missed teams messages. So i open up teams and holy crap. Like every third dev in my company send me a message screaming "gitab is not working!!!".
Yesterday i updated it so imediately get in panic mode - what the shitty hack have i done?!
So yeah gitlab seems to be working just fine, everything is speedy and responsive, so i call one of my fellow devs and ask him whats wrong? And he is like oh yeah there comes a ldap error saying timeout or something.
I try to login with active directory. Works like a charm. Try another account, same problem?!
Google the problem, search gitlab tickets. Nope there is no open bug or sth. like this.
So alright lets call the network guy. "Yo, can you check if there is something ldap-like getting blocked to the gitlab server?" - He is like oh yeah damn like almost every damn request is getting blocked. Ah wait, there was an firewall update yesterday too. Yeah ldap is no longer ldap. BLOCK THAT SHIT!
After 10 minutes of figuring out what shitty type is detected by the firewall and what needs to be whitelisted to make it fucking work again it seems to work.
But ha no, there is another update rolling on, so same shit like 15 minutes later.
Now it seems to work and i have to inform every damn fcking developer that it works again. And yeah alright you sent a mail, but fuck it, i will call you though! So yeah just answering calls, mails and chat messages. Like why the fuck cant you read your mails like a damn normal person?!1 -
Ended up dong an internship for my school (not really internship, more along the lines of formal volunteering, but whatever) helping set up laptops for a statewide standardized assessment.
I made a program to log the machine's identifying info (Serial, MAC addresses, etc), renames it, joins it to the school's Active Directory, and takes notes on machines, which gets dumped into a csv file.
Made the classic rookie mistake of backing things up occasionally, but not often enough. Accidentally nuked the flash drive with the data on it, and spent a good while learning data recovery and how grep works.
Lesson Learned? Back up frequently and back up everything -
I'm genuinely contemplating changing my career to an IT support role from my current web dev endeavors.
I have become rather disinterested for quite some time with web development, I've been working with React, Angular, the regular Wordpress stuff with the theme building/modifying, headless instances, plugin development and whatnot and all of these have become more of a chore than anything else.
I'm leaning towards an IT support role as I genuinely have more interest in a user support/infrastructure support role than a developer role, the question is, is it doable ?. I know my way around Windows and Linux Servers, know LDAP, Active Directory, BASH, Powershell, Networking, can do cabling and whatnot but I don't have the experience to show off those.
Any tips would be greatly appreciated3 -
I have always had the fantasy to build a function in my developments that upon start would check if my user still is enabled in the Active Directory, and if not then shut down the application. Never done it... yet.
-
Next week I'm beginning a paid intership in an sysadmin/infrastructure manager/bit of devops position. My tutor already told me he would give me things to learn alone so we could work together on stuff, and I can't wait for it to begin.
However, in the meantime I don't have a lot of things to do, so I would like to put this downtime to use and start reading stuff.
I already know I'll be doing a lot of Linux (that, I already master pretty well), and also some Active Directory, Kubernetes, and a bit of DevOps. Those are the main keywords he throwed at me during the interview.
What subject would you advice me to start learning in advance ? Do you have nice resources/books/videos on those matters ?
I would have asked to my tutor but right now he's on holidays and I don't intend to piss him off with job related questions.
On a side note : do you have any good and complete documentation or learning resource about SELinux ? I've had issues with it on my main rig for some months and can't find any good answer so I decided to learn it as best as I can and come up with an answer on my own. Since I intend to work in the field, I should what there's to know about it anyway.6 -
Today I created a second admin login for myself, deleted the first one, recreated the first one, then deleted the second one.2
-
Windows 10 , I just want a flipping built in command line executable to log off another (local) user. I'm not a server, I don't have active directory, I don't want to switch to log in as that user first, i want to just kill their inactive local session because cisco freaking vpn doesn't allow you to connect when a other user is logged in. I can kill the session from admin task manager, I just want to be in the commandline. If your gonna let software check the number of logged in users, let the freaking administration modify the number of logged in users with a cli.
Idk if I could turn it off an on again. On a server I would just issue "query sessions" or "query users" followed by "logoff ##". Why not let me do the same damn thing on my home computer sk I don't have to restart MY SESSION just to close MY WIFE'S session. You stupid fraking company that cannot provide consistent command line programs across various systems. SCREW YOU MICROSOFT AND YOUR UTTER ASANINE DECISION MAKING REGARDING WHAT FEATURES TO INCLUDE IN WHAT BUILDS.2 -
Querying Active Directory limits result sets to 1000. Useful when working for an organisation with over 3000 people...
-
Relatively often the OpenLDAP server (slapd) behaves a bit strange.
While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.
Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?
To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...
The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).
But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.
The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.2 -
Who knew there were so many goddamn duplicate file extensions spanning generations....
There is literally nothing to do but rate likelihood.
Does anyone know of a statistical database that tracks the appearance of certain file types and their frequency based of real analysis of active computer systems ?
Some of these types are pretty vague and fileinfo repeats some things. grr.
Of course, overthinking here, one would have to also look at what kind of files appear in the same directory in certain cases.5
Top Tags
Weekly Rant
View