|
Sheep posted:What do you do when you have to explain file contexts to them code:
|
#
?
Nov 10, 2017 08:10
|
|
|
|
| # ? Jun 4, 2024 14:05 |
|
|
SeaborneClink posted:Ask me about how allowing people to develop locally unrestricted or more specifically, with callous disregard for their constraints in Prod leads to absolutely insane things like thinking
|
|
#
?
Nov 10, 2017 08:19
|
|
please see $Company policies for appropriate logging and application security.' and CC'd the SVP, VP Software Engineering and BCC'd to App-Infra & InfoSec.
|
LethalGeek posted:This made some deep part of my being feel right in the universe. Urgent huh? Sure thing, well you were logging to the root partition and it seems you've managed to fill that partition with exception traces to a single log file because you don't seem to believe in or heard of log rotation, or you know.. logging to the separate /var partition where we have log aggregation configured to ingest from. Real sorry this has blocked your deployment this afternoon but it's out if my hands  looks like you just got scheduled for an even more urgent afternoon meeting. Consider yourself officially blocked for all of your teams releases until you can demonstrate that these issues have been corrected across all your services in all envs.They had a PR in that night by their Principle SWE. Talk about lighting a fire under the correct asses. I did blast their trash log down and reconfigured their wrapper to log to the proper place and included it as a reference for the rest of the changes because I'm not a complete monster. Someone else tried to request that chmod -R 777 /var/log/SERVICE the next day and that did not go over well.
|
|
#
?
Nov 10, 2017 08:56
|
|
|
Why would you develop on your workstation anyway? Don't you have VMs that you can gently caress up and then reinstall at the push of a button for that?
|
|
#
?
Nov 10, 2017 09:16
|
|
|
Collateral Damage posted:Why would you develop on your workstation anyway? Don't you have VMs that you can gently caress up and then reinstall at the push of a button for that? In other news, OVH has probably had a few tickets come in: 
BlankSystemDaemon fucked around with this message at 13:06 on Nov 10, 2017 |
|
#
?
Nov 10, 2017 13:03
|
|
|
D. Ebdrup posted:DevOps.
|
|
#
?
Nov 10, 2017 15:29
|
|
|
Collateral Damage posted:What in devops says you have to develop on your local, physical workstation rather than a virtual workstation that you can easily nuke and redeploy when it inevitably becomes too cluttered? Dev. Ops. Geez man.
|
|
#
?
Nov 10, 2017 15:49
|
|
|
SeaborneClink posted:Not to worry, we've already handled that. I'm still so embarrassed from my first Junior sys admin job. I was taught to just disable selinux until I finally got someone to teach me better. I'm glad I left that job a while back, dumpster fire of bad IT practices.
|
|
#
?
Nov 10, 2017 16:16
|
|
|
Collateral Damage posted:What in devops says you have to develop on your local, physical workstation rather than a virtual workstation that you can easily nuke and redeploy when it inevitably becomes too cluttered? I'm not creating a VM to install my IDE and SDKs to just because I want to keep my main work station tidy or whatever that reasoning is here.
|
|
#
?
Nov 10, 2017 16:19
|
|
|
Volmarias posted:I'm not creating a VM to install my IDE and SDKs to just because I want to keep my main work station tidy or whatever that reasoning is here. Quite a bunch of people seem to think quite differently. Some have good reasons to do so (perceived security, though obviously baseless), some the sysadmin is asking them to (no reason, just because) some because they are running one OS and want to develop in another one temporarily (and that for them doesn't justify installing that other OS alongside the existing one). In my personal opinion, they are obviously gimping themselves for no benefit, but ... they are out there.
|
|
#
?
Nov 10, 2017 16:36
|
|
|
Volmarias posted:I'm not creating a VM to install my IDE and SDKs to just because I want to keep my main work station tidy or whatever that reasoning is here. What kind of environment do you run where clicking a VM template is a burden?My workstation basically just handles email, office and web browsing, everything else runs in VMs. It's great when you want to try out new software packages or libraries because you can dick around with it to your heart's content and when you're done you just delete the VM. But maybe it's just me taking the "servers are cattle, not pets" idea to the desktop as well. And to get back to the original discussion, it makes the helpdesk people happy too because I have no need for local admin on my physical workstation while having free reign on the VMs.
|
|
#
?
Nov 10, 2017 16:52
|
|
|
If your VM is on the network, how is that any more secure than just having local admin on your own station?
|
|
#
?
Nov 10, 2017 18:30
|
|
|
Collateral Damage posted:
What kind of brain do you have where you decide that you need to use "The email computer" now? It depends on the work you do, but I'm happy not having "Maybe it's some weird interference from the VM?" be a part of my "why the gently caress is this mysteriously failing now despite every configuration being triple checked and correct?" troubleshooting. Then again, I also do mobile development so I don't need to worry about having the exactly perfect version of Java installed for some particular arcane service, so there's that. I could understand this being a problem if you had to install some cornucopia of different versions of packages of software, but I don't and this isn't an issue for me.
|
|
#
?
Nov 10, 2017 18:57
|
|
|
A Pinball Wizard posted:If your VM is on the network, how is that any more secure than just having local admin on your own station? It isn't. Not to mention that malware can get out of the VM into the host too, so ... yea, nothing gained.
|
|
#
?
Nov 10, 2017 19:33
|
|
|
Avenging_Mikon posted:Dev. Ops. Geez man. Right? Looks like someone needs to do some more thought leadering.
|
|
#
?
Nov 10, 2017 19:39
|
|
|
You should not have any sort of admin rights on your primary user account, period. If you need to have local admin to accomplish tasks, you should be provided a separate account to use for just those specific tasks. If in Linux, a properly setup sudo is also acceptable. Having your dev environment be in a vm is a good idea, not because of “what if my dev work messes up my dev environment” but because of “what if something else I’m doing on my computer messes up my dev environment and it somehow makes it into production” see the ccleaner incident as a real world example.
|
|
#
?
Nov 10, 2017 19:59
|
|
|
As a dev, I only have a VM at the office if I need to VPN in somewhere to do development, or am testing installers and actually need a clean slate; 99.9% of the time you don't have to blow away your entire environment and restore from a snapshot to do some random development. Doing all development tasks exclusively within a VM seems unnecessary to me. At home I have a VM for development for when I work from home, but that's just so I can blow the whole thing away in a moment when I'm done with the company. edit: oh, security. Meh
|
|
#
?
Nov 10, 2017 20:05
|
|
|
Lmao the vm isn't on your local system, it's on a vm farm behind even tighter security and you develop over VNC.
|
|
#
?
Nov 10, 2017 20:09
|
|
|
carry on then posted:Lmao the vm isn't on your local system, it's on a vm farm behind even tighter security and you develop over VNC. “VNC” and “tighter security” don’t really go together in my mind. FWIW, my company doesn’t force its devs to use vm’s. But most of their needed applications are sccm packages so it’s easy to redeploy, and they have secondary admin accounts to install additional tools if needed.
|
|
#
?
Nov 10, 2017 20:14
|
|
|
The Fool posted:“VNC” and “tighter security” don’t really go together in my mind. SSH, my bad.
|
|
#
?
Nov 10, 2017 20:19
|
|
|
Oh hey cool it looks like level3 hosed up bgp again
|
|
#
?
Nov 10, 2017 21:36
|
|
|
|
|
#
?
Nov 10, 2017 21:41
|
|
|
devmd01 posted:Oh hey cool it looks like level3 hosed up bgp again Centurylink. We're all hosed.
|
|
#
?
Nov 10, 2017 21:44
|
|
|
Didn’t Level 3 used to be not poo poo-tier once upon a time?
|
|
#
?
Nov 10, 2017 21:45
|
|
|
Right until they realized they could abuse peering in the early Netflix days. Also...congrats!
|
|
#
?
Nov 10, 2017 22:01
|
|
|
devmd01 posted:Oh hey cool it looks like level3 hosed up bgp again Jesus christ...
|
|
#
?
Nov 10, 2017 22:43
|
|
|
Removing net neutrality will totally fix this guys!
|
|
#
?
Nov 10, 2017 23:20
|
|
|
iospace posted:Removing net neutrality will totally fix this guys! Oh yeah, it's the 3 year anniversary of Obama coming out in favor of it. It was kind of fun to see conservative, but technologically savvy people squirm as they tried to reconcile the two positions.
|
|
#
?
Nov 10, 2017 23:31
|
|
|
devmd01 posted:Oh hey cool it looks like level3 hosed up bgp again How else will we protect our borders? 
|
|
#
?
Nov 11, 2017 00:06
|
|
|
Level3Outages in Level3Days
|
|
#
?
Nov 11, 2017 01:35
|
|
|
The Fool posted:You should not have any sort of admin rights on your primary user account, period. This, I am a domain admin in my companies environment, what do I log into my local workstation with? A non-privileged account, if I need something on my computer, I have UAC to prompt for my admin creds. SeaborneClink posted:Level3Outages in Level3Days Did they seriously gently caress poo poo up again? I wasn't affected today nor were any clients as far as I'm aware. Thanks Ants posted:Didn’t Level 3 used to be not poo poo-tier once upon a time? We have a few Level3 fiber connections, 2 for our company and a few for clients, they have been Rock loving Solid, though apparently their backbone servicing leaves something to be desired from what I've been seeing lol
|
|
#
?
Nov 11, 2017 03:16
|
|
|
MF_James posted:Did they seriously gently caress poo poo up again? I wasn't affected today nor were any clients as far as I'm aware. Ayup. We took hit(s) today on the east coast for multiple routes between 1515-1545Z we had recoveries lasting until 1900Z. CenturyLink y'all!
|
|
#
?
Nov 11, 2017 04:18
|
|
|
The Fool posted:You should not have any sort of admin rights on your primary user account, period. We just started doing this at my current job. For the past few months... and evidently the past few years we've all been merrily using our domain accounts for everyday everything. It's not a ton more secure in practice now since we're just RDPing into servers with our new DA accounts, and all user machines are local admins. But at least we'll be dealing with that within the next quarter or two. Nooooooooot looking forwards to everyone bitching about that. We're a pretty software/tech focused shop too, so these are ostensibly computer savvy people too.
|
|
#
?
Nov 11, 2017 06:01
|
|
Cat Army
|
Crossposting this post from back in June from the Schadenfreude thread because it is horrifying:Bloody Hedgehog posted:When I was doing some volunteer work in South America, someone heard that I "knew computer stuff". So one day some guy comes to pick me up, says he has work for me, and then proceeds to drive me to the airport. When they get their, their IT guy looks at me and goes ".... can you fix the entire airports computers systems and network?!?" Apart from kind of being horrified, I was a little curious, so I let him show me around. It was some terrible mish-mash of lowest of the low end PC's, riddled with every piece of malware and viruses you could imagine.
|
|
#
?
Nov 11, 2017 11:41
|
|
|
The Iron Rose posted:We just started doing this at my current job. For the past few months... and evidently the past few years we've all been merrily using our domain accounts for everyday everything. It's not a ton more secure in practice now since we're just RDPing into servers with our new DA accounts, and all user machines are local admins. But at least we'll be dealing with that within the next quarter or two. Use knowbe4 or some similar phishing test to show them how vulnerable they are. It's easier to take away their local admin if you can prove that while they may be tech savvy, they aren't security savvy.
|
|
#
?
Nov 11, 2017 15:22
|
|
|
Judge Schnoopy posted:Use knowbe4 or some similar phishing test to show them how vulnerable they are. It's easier to take away their local admin if you can prove that while they may be tech savvy, they aren't security savvy.
|
|
#
?
Nov 11, 2017 18:08
|
|
|
anthonypants posted:A phishing test where if you click on the thing it removes you from local admin This is a great idea, actually.
|
|
#
?
Nov 11, 2017 18:37
|
|
|
A client I'm at does that now. If you fail the Phish test three times in a row your privaleged accounts get disabled and your internet access is revoked. It pisses people off, but does wonders with their Phish detection.
|
|
#
?
Nov 11, 2017 21:31
|
|
|
I'm sort of curious what happens if someone security minded takes the link and uses curl to download it. Does it count as a hit, or is someone smart enough to capture the user agent and see whahaha who am I kidding.
|
|
#
?
Nov 11, 2017 22:02
|
|
|
|
| # ? Jun 4, 2024 14:05 |
|
|
Volmarias posted:I'm sort of curious what happens if someone security minded takes the link and uses curl to download it. Does it count as a hit, or is someone smart enough to capture the user agent and see whahaha who am I kidding. I'd probably put a couple different levels/flags for acting on a phishing test mail: Loading an image (pixel) in the HTML mail body, fetching the main web page linked, running JS on the webpage (letting it perform an XHR request), submitting the form, and submitting the form with working credentials.
|
|
#
?
Nov 11, 2017 22:24
|
|
