IT/Software career thread: Invert binary trees for dollars.

Neranja

<Bronze Donator>
2,605
4,143
It's a lot of god damn certs to manage, and every different product in the environment has its own set of concerns and different installation/renewal process.
We have written our own PKI management software because of that. No one can help you with cert distribution, because frankly every software out there sucks, to a varying degree.

From a security perspective every device and every service on the network should have an "owner", and one or more deputies. All should be living, breathing persons and not a functional mailbox no one ever reads. Depending on the runtime of the certificates, expiring certificates should automatically trigger email reminders 1 to 3 months before. As in everything security, documentation is everything.

Yes, it's a lot of work, but if it's in the cloud there already should be SCM in place, so you can automate at least part of it.

TomServo

<Bronze Donator>
6,361
8,336
At a minimum, all non-high-security-zone servers and desktops should be set to auto-renew via a cert template.

Janx

<Silver Donator>
6,282
16,840
That's not at all what I'm talking about. I don't mean "how do certs work?" I mean "actually dealing with certs in the real world."

Specifically, the mechanics and logistics of actually managing a large number of certificates in multiple complex environments with products from multiple different vendors. Managing 3rd party certs vs internal certs. Knowing the difference between single domain certs and wildcard certs and what the use-cases are. Building root and intermediate CAs, getting certs signed and installed on a bunch of servers in the cloud, etc. Oh and NOT LETTING EVERYTHING EXPIRE IN THE MIDDLE OF THE FUCKING NIGHT AND CAUSING A TOTAL SHITSTORM.

Tons of people out there are like "I know how certs work!" and then when it comes to actually having to do any kind of project work or maintenance work on getting the right certs signed, installed, renewed, replaced with ones from a different authority, etc, totally drop the fucking ball.
Wait, is it not common practice to let certs expire?!? The number of times the people that "manage" our servers have let certs expire and disk space fill up is astounding (and this is in production). I even thought of writing a PowerShell script or something that would email me, but no fucking way am I going to do their job and be a middleman for their incompetence.
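Neranja's "reminders one to three months before expiry" and Janx's "a script that would email me" are the same check. Here is an added example of that check (not code from anyone in this thread): a cron-style scan over a directory of PEM certificates using only the openssl CLI. The certificates it scans are generated on the spot as a constructed inventory, and the directory and CN names are illustrative placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): a cron-style expiry check over a
# directory of PEM certificates, using only the openssl CLI.
# The certificates it scans are generated here as a constructed inventory;
# paths and subject names are illustrative.

# Exit 0 if the certificate in file $1 stays valid for at least $2 more days,
# non-zero if it expires inside that window (or the file is not a valid cert).
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print "<file> <notAfter>" for every *.pem under directory $1 that expires
# within $2 days. Output is empty when nothing needs attention, which makes
# it easy to wire into a mail or ticketing step.
report_expiring() {
  local dir="$1" days="$2" f
  for f in "$dir"/*.pem; do
    [ -e "$f" ] || continue
    if ! cert_valid_for_days "$f" "$days"; then
      printf '%s %s\n' "$f" "$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2-)"
    fi
  done
}

# Constructed inventory: one self-signed cert good for 5 days, one for 400.
make_demo_inventory() {
  local dir="$1"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 5 \
    -subj "/CN=short.example.test" -keyout "$dir/short.key" -out "$dir/short.pem" >/dev/null 2>&1
  openssl req -x509 -newkey rsa:2048 -nodes -days 400 \
    -subj "/CN=long.example.test" -keyout "$dir/long.key" -out "$dir/long.pem" >/dev/null 2>&1
}

# Stand-alone run: a 90-day window, the "three months out" reminder.
demo() {
  local tmp
  tmp="$(mktemp -d)"
  make_demo_inventory "$tmp"
  echo "Certificates expiring within 90 days:"
  report_expiring "$tmp" 90
  rm -rf "$tmp"
}
demo
```

`openssl x509 -checkend` does the date arithmetic for you, so the script works the same on GNU and BSD userlands; the only thing left to add for a real deployment is piping the non-empty report to the cert's named owner and deputies.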

Deathwing

<Bronze Donator>
16,366
7,363
Expiring certs is how IT knows you're using their precious assets. It's the 99% disk usage of the 21st century.

Neranja

<Bronze Donator>
2,605
4,143
The number of times the people that "manage" our servers have let certs expire and disk space fill up is astounding (and this is in production).
This is telling me they have no monitoring/reporting without telling me they have no monitoring/reporting.

Mist

Eeyore Enthusiast
<Gold Donor>
30,362
22,118
This is telling me they have no monitoring/reporting without telling me they have no monitoring/reporting.
At an MSP, I'd say 80% of all escalations, possibly even outages, for clients ultimately come because:

A) A managed element (server, firewall, switch, etc) was never onboarded to monitoring when the customer was onboarded.
B) The element was onboarded to the monitoring tool, but the right SNMP metrics/disks/services were not being monitored.
C) The right things were being monitored, but the thresholds were set incorrectly.
D) The device, metric, etc, was labeled poorly in the monitoring dashboard so the event management or incident management teams didn't action it properly.
E) Someone low on the triage ladder closed the alerts as not actionable, or worse, held the alerts in their name and never did anything with them because there wasn't a documented process in place for what to actually do with that alert, aside from telling the customer X thing is red.
F) There's a bug in the monitoring tool that nobody got around to fixing yet because it's for a class of device that not a lot of clients have.

TJT

Mr. Poopybutthole
<Gold Donor>
40,887
102,584
At an MSP, I'd say 80% of all escalations, possibly even outages, for clients ultimately come because:

A) A managed element (server, firewall, switch, etc) was never onboarded to monitoring when the customer was onboarded.
B) The element was onboarded to the monitoring tool, but the right SNMP metrics/disks/services were not being monitored.
C) The right things were being monitored, but the thresholds were set incorrectly.
D) The device, metric, etc, was labeled poorly in the monitoring dashboard so the event management or incident management teams didn't action it properly.
E) Someone low on the triage ladder closed the alerts as not actionable, or worse, held the alerts in their name and never did anything with them because there wasn't a documented process in place for what to actually do with that alert, aside from telling the customer X thing is red.
F) There's a bug in the monitoring tool that nobody got around to fixing yet because it's for a class of device that not a lot of clients have.
Are you using Solarwinds or something to do this?

Mist

Eeyore Enthusiast
<Gold Donor>
30,362
22,118
Are you using Solarwinds or something to do this?
Something like that, yeah. At the new employer, we have a few different remote monitoring tools (that often double as remote access gateways) that can be installed in customer environments, that then aggregate alerts up to master dashboards for each customer, which then have an integration to open event tickets in our ITSM platform, which can be escalated to incidents during triage.

I don't really touch as much of this stuff as I did at my old employer though.

Conefed

Blackwing Lair Raider
2,804
1,646
First semester of classes is almost over, finished Linux tonight.

Two big projects and two tests remaining

Looking for scholarships and a job and signing up for spring semester is next.

Mist

Eeyore Enthusiast
<Gold Donor>
30,362
22,118
First semester of classes is almost over, finished Linux tonight.

Two big projects and two tests remaining

Looking for scholarships and a job and signing up for spring semester is next.
It's not too late to do something useful and fulfilling with your life.

Conefed

Blackwing Lair Raider
2,804
1,646
I'm a dork
I like stat blocking

Assigning IP addresses and stuff scratches that itch in an indirect way.

Conefed

Blackwing Lair Raider
2,804
1,646
Using Packet Tracer, I'm trying to communicate to CISCO.com, a named server.

From a PC, I can both ping the address for CISCO.com and the name "cisco.com"
Likewise, I can ping the address and name for the DNS server.

From the DNS server, I can ping everything also.

From the PC, nslookup and tracert work,

but from the PC's web browser widget: "host name unresolved".

What am I overlooking?

Mist

Eeyore Enthusiast
<Gold Donor>
30,362
22,118
Using Packet Tracer, I'm trying to communicate to CISCO.com, a named server.

From a PC, I can both ping the address for CISCO.com and the name "cisco.com"
Likewise, I can ping the address and name for the DNS server.

From the DNS server, I can ping everything also.

From the PC, nslookup and tracert work,

but from the PC's web browser widget: "host name unresolved".

What am I overlooking?
Proxy settings in the browser configured incorrectly?

Conefed

Blackwing Lair Raider
2,804
1,646
Had a friend in the area come over and the shit started working like it hadn't for the past two hours.

/facepalm

Voyce

Shit Lord Supreme
<Donor>
7,053
22,045
Paraphrase:

Me: Dev X is getting in the way of Devs Y and Z making the deadlines for these extremely aggressive deliverables, requesting contract changes for minor spelling errors, cosmetic format changes, etc.

Boss: I don't fault Employee Y, we should have those corrected

Me: It can wait until after the Deliverables are met

Boss: If it's not done now then it will never get done

Me: You're right, we should stop hiring H-1B visa holders who can't speak or write English and leveraging their tentative legal work status as a means to gouge them into working hours past the clock, as opposed to offering overtime to more competent Devs whom we would subsequently have to pay more. Or, more productively, pushing back at our Users who pissed away three months of our Development for some crappy Business Rules.

Boss: ...

Me: Please do the needful

TJT

Mr. Poopybutthole
<Gold Donor>
40,887
102,584
I've been having to train a guy in India for some stuff. He's okay but I think my main gripe is apprehension. Like they want constant checks and rechecks on things they do before they actually do them. So it requires more management time than I would like to get things done. Even their senior people do this.

Also within the next quarter I am hiring the following: Business Intelligence Analyst, Senior Business Analyst for a Data Analytics and Governance team. I don't think a 100% remote offering is allowed. However the offering is extended to all of our offices so if you're in SoCal, Austin, or Boston and are interested PM me I'll give you the rundown.

TJT

Mr. Poopybutthole
<Gold Donor>
40,887
102,584
TomServo TomServo I want to change my opinion on Google Cloud Platform. While its UI and UX suck and I hate a lot of shit about it, GCP is second to none in its ability to process shitloads of data. We're talking petabytes at a time. Even with the largest offering on Snowflake that will take forever. GCP torques that shit out in 10 minutes and charges you for the processing power, but you don't have to be on enterprise accounts or anything to get it. It just adjusts as you need it.

Which AWS, Azure, and Snowflake don't do. So I can see when it's good to have. Everything else about it is still awful.

TomServo

<Bronze Donator>
6,361
8,336
That's good to hear. I'm currently fighting with a splinter group that was exiled from our DI team, who have been running a rogue Power BI data warehouse on prem, and now want to rush a production Redshift deployment. I killed it one time back in July. They're back with a self-imposed deadline of Monday. So I just pulled in our deputy general counsel and privacy officer and am going to smash their skulls in.