They can use whatever they want, just don’t expect me to support it or install it. You want to be IT? Go hog wild, but leave me alone. This, of course, never happens.
|
|
# ? Jun 22, 2021 02:03 |
Sickening posted: Well, there is only so deep someone can go. Shadow IT in our world would have to be groups of people using totally separate, non-managed machines on totally separate networks, with totally separate email systems. They would also have to get around talking about it in any managed system or speak in code. They would have to manage to not get caught despite C-level leaders strictly outlawing it in written policy written this calendar year. Bad news for IT people on both those points.
|
# ? Jun 22, 2021 20:13 |
How long should AD replication usually take? Is it normal to add a user to a group and it takes 5 minutes for that to replicate to another domain controller?
|
|
# ? Jun 24, 2021 11:19 |
|
"it depends". Are they on the same site?
|
# ? Jun 24, 2021 11:20 |
|
This is a small one in the category of things pissing me off: Bossman talking about me and how terrible my communication skills are in third person during a meeting I am attending. Dude you talked to me like three minutes before during the same meeting. Unrelated to that I'd love to but man, I am absolutely not in the mood for the stressful rat race that is job hunting. Additional stress factor: I'd have to move, because rural Bavaria is a really bad place for IT jobs. And completely unrelated to work, but also pissing me off - and while I am at it already: My shower is not working.
|
# ? Jun 24, 2021 11:33 |
Thanks Ants posted: "it depends". Are they on the same site?
Several different sites, but all connected on high-capacity low-latency (less than 5 ms) links.
|
|
# ? Jun 24, 2021 11:41 |
|
How have you arranged the sites in AD, and what are the replication intervals set to? The default is 180 minutes across sites.
|
# ? Jun 24, 2021 11:51 |
|
If it's just a one-time this-needs-to-propagate-right-now you can force a replication on a DC to its linked DCs with repadmin /syncall /AdeP
|
# ? Jun 24, 2021 16:34 |
Reminds me of my old job where password resets took 10 minutes to take effect... and then they had people's passwords expire literally every month while they already 2FA lmao
|
|
# ? Jun 24, 2021 16:58 |
|
We still have an internal site that requires password changes every 3 months and has absurd complexity requirements. Every other service at the company has moved to SSO with 2FA but this brave holdout is still running like it's 2005. Fortunately I only need to use it a couple times a year, but this does mean every password I generate for it is effectively a one time password.
|
# ? Jun 24, 2021 17:02 |
|
I've still not seen anything more onerous than our credit card gateway: The requirements end up actually limiting the amount of combinations. 3 upper case, 3 lower case, 2 numbers, and a single special character. Additionally, you can't use < > or & as a special character. You also can't have repeating or sequential letters or numbers. So no aa, ab, or 11,12. And it has to be exactly 9 characters, no more, no less.
|
# ? Jun 24, 2021 17:15 |
|
stevewm posted: I've still not seen anything more onerous than our credit card gateway:
When I worked at Comcast 15ish years ago their billing/provisioning/customer info/sales platform required an 8-character password structured as <5 letters><1 special character><2 numbers> in that exact order. I can't imagine the thought process that went into that requirement.
|
# ? Jun 24, 2021 17:52 |
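The two password policies described in the posts above (the exactly-9-character credit card gateway and the fixed-order 8-character billing platform) can be counted exactly to see how much each rule shrinks the keyspace. This is an added example, not code from the thread; the alphabets (ASCII letters, digits, ASCII punctuation), case-sensitive letters, and reading "sequential" as an ascending neighbour within the same class are assumptions.

```python
import string
from functools import lru_cache
from math import log2

# Assumed alphabets (the posts do not list them): ASCII letters, digits, and
# ASCII punctuation minus the three characters the gateway bans.
SPECIAL = "".join(c for c in string.punctuation if c not in "<>&")
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIAL)
RULE_CLASSES = (0, 1, 2)  # the repeat/sequence rule covers letters and numbers only

def pair_allowed(prev, cls, ch):
    """Reject 'aa'/'ab'/'11'/'12'-style neighbours (assumed: ascending, same class)."""
    if prev is None or cls not in RULE_CLASSES or prev[0] != cls:
        return True
    return ord(ch) - ord(prev[1]) not in (0, 1)

def count_policy(quota, classes=CLASSES, pair_rule=True):
    """Count strings holding exactly quota[i] characters of classes[i], in any order."""
    @lru_cache(maxsize=None)
    def go(remaining, prev):
        if not any(remaining):
            return 1
        total = 0
        for i, chars in enumerate(classes):
            if remaining[i]:
                rest = remaining[:i] + (remaining[i] - 1,) + remaining[i + 1:]
                total += sum(go(rest, (i, c)) for c in chars
                             if not pair_rule or pair_allowed(prev, i, c))
        return total
    return go(tuple(quota), None)

def keyspaces():
    """Keyspace of each policy next to an unconstrained 9-character password."""
    gateway = (3, 3, 2, 1)  # upper, lower, digits, special
    return {
        "any 9 printable ASCII": 94 ** 9,
        "gateway, composition only": count_policy(gateway, pair_rule=False),
        "gateway, all rules": count_policy(gateway),
        # Fixed order LLLLL S DD; assumed case-sensitive letters, 32 specials.
        "fixed 5 letters + 1 special + 2 digits": 52 ** 5 * 32 * 10 ** 2,
    }

if __name__ == "__main__":
    for name, n in keyspaces().items():
        print(f"{name:40s} {n:>22,d}  ~{log2(n):.1f} bits")
```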
klosterdev posted: If it's just a one-time this-needs-to-propagate-right-now you can force a replication on a DC to its linked DCs with repadmin /syncall /AdeP
Nah this isn't my directory to manage, I'm just a helpdesk suffering from it. I'm going to raise an issue about it if it keeps up next week too, because replicating simple changes like adding a user to a group used to happen within a few seconds.
|
|
# ? Jun 24, 2021 18:10 |
|
Password complexity is dumb and olds should let it go.
|
# ? Jun 24, 2021 18:30 |
|
nielsm posted: Nah this isn't my directory to manage, I'm just a helpdesk suffering from it. I'm going to raise an issue about it if it keeps up next week too, because replicating simple changes like adding a user to a group used to happen within a few seconds.
There's absolutely no reason in the modern world not to have Change Notification turned on. Unless you're still operating a site in Bumfuckistan with a 33.6 modem, OR you're running a giant multinational with 200k objects in your AD of which 10k are being changed at any given time, the impact of having your DCs notify your other DCs whenever a change happens should be very minimal on your WAN links. It's not 1995 anymore.
https://optionkey.blogspot.com/2018/07/fast-active-directory-replication-and.html
(And if you DO have one site with a lovely link, just configure a different site link and don't configure Change Notification on it).
Obviously I'm not suggesting this is your fault since you're not running AD, but if you raise the issue you may want to gently suggest to your sysadmins that their 2003 MCSE training is no longer the gold standard for how to admin AD.
|
# ? Jun 24, 2021 18:37 |
|
I've run into a STIG based password restriction for passwords that always messes people up and they keep escalating it to me. The passwords can't have three sequential characters of the same class. So you can't have any three letters or any three numbers in a row. It makes it really hard to generate passwords. I've explained that specifically to the devs a bunch of times and it's really hard to grasp.
|
# ? Jun 24, 2021 18:43 |
|
Sickening posted:Password
|
# ? Jun 24, 2021 19:05 |
|
SyNack Sassimov posted: Change Notification
Thank you, that was the phrase I was searching my brain for
|
# ? Jun 24, 2021 19:47 |
|
you ate my cat posted: When I worked at Comcast 15ish years ago their billing/provisioning/customer info/sales platform required an 8-character password structured as <5 letters><1 special character><2 numbers> in that exact order. I can't imagine the thought process that went into that requirement.
Amateur regexing would be my thought.
|
# ? Jun 25, 2021 10:49 |
|
Lum posted:Our networks team love to use SNAT when routing a port to a DMZ IP, but they're not willing to do any sort of intrusion detection at the firewall level. And it turns out they decided to change the external access setup of an existing, working SFTP server. That server had fail2ban on it, so promptly banned the central firewalls
|
# ? Jun 25, 2021 16:45 |
|
Pissing me off: NBC built their compliance with the California cookie privacy law to be as annoying as humanly possible. Instead of a "do not sell my data" button, NBC web properties are set so you have to go to their privacy policy to find it hidden in the middle, manually select which properties that you don't want data about you saved with no select-all option, after selecting like fifty NBC properties manually, filling out more personal information, verifying my email address and then finally submitting I wake up to like fifty emails in my inbox all saying the same thing
quote: Dear klosterdev,
gently caress you NBC
klosterdev fucked around with this message at 20:45 on Jun 25, 2021 |
# ? Jun 25, 2021 20:42 |
|
Not pissing me off, but seriously surprising me: sysinternals released a new version of RDCMan a few days ago: https://docs.microsoft.com/en-us/sysinternals/downloads/rdcman
|
# ? Jun 28, 2021 22:03 |
|
Thanatosian posted:Not pissing me off, but seriously surprising me: sysinternals released a new version of RDCMan a few days ago:
|
# ? Jun 29, 2021 15:58 |
|
love to see male coworkers publicly say that they don't trust my advice, and to check with this other team, only for them to say I was totally right
|
# ? Jun 29, 2021 16:27 |
|
If a coworker straight up said publicly "I don't trust your advice," I think I would murder them, regardless of whether or not I ended up being right. Jesus.
|
# ? Jun 29, 2021 16:33 |
|
Internet Explorer posted: If a coworker straight up said publicly "I don't trust your advice," I think I would murder them, regardless of whether or not I ended up being right. Jesus.
the exact language was "[the fact that we are already] using <standard GCP tool I recommended> in different places does not mean that is a right approach"
**in a public slack channel**
no technical arguments, it's not even a tool he's familiar with! just "talk to X team". I'm beyond livid.
fortunately i have a good management team who will take my side here, but if you have concerns about a coworker's professional advice, and it's not immediately time critical, (and you don't know what you're talking about!) the professional thing to do is message them privately so they can caveat as appropriate. not publicly say that they don't know what they are doing
ughhhhhh i loving hate working with men who don't know how to communicate!
The Iron Rose fucked around with this message at 16:52 on Jun 29, 2021 |
# ? Jun 29, 2021 16:49 |
|
That sounds infuriating
You’ve posted about issues like this before, is it the same person/people, or is it a larger workplace problem?
|
# ? Jun 29, 2021 16:52 |
|
The Fool posted: That sounds infuriating
nah this is a new guy. it's not even egregiously bad tbh. for sure the worst i've gotten in about a month or so though.
this place is the best workplace i've ever had! here i only get condescended to and my advice ignored, (and the occasional married 40 year old man trying to sleep with me). far superior to the rampant sexual harassment/assault i've seen everywhere else.
such is the life of being a woman
|
# ? Jun 29, 2021 16:57 |
The azurerm provider for Terraform is buggy as gently caress, had to downgrade to another version to avoid the loving buggy rear end minefield it is right now. Today it created role assignments then couldn’t read them to so much as plan for a re apply, wtf lmao
|
|
# ? Jun 29, 2021 23:01 |
|
i am a moron posted: The azurerm provider for Terraform is buggy as gently caress, had to downgrade to another version to avoid the loving buggy rear end minefield it is right now. Today it created role assignments then couldn’t read them to so much as plan for a re apply, wtf lmao
Lmao this is my life
Not a week goes by without a dev having some issue that can get traced back to the provider
We just got one where changing the tags for a key vault certificate causes the certificate to be re-created
|
# ? Jun 30, 2021 01:33 |
|
Also, gently caress deploying aks through terraform
This morning someone seriously suggested that we fork the provider and write our own implementation for aks
|
# ? Jun 30, 2021 03:08 |
|
The Fool posted: Also, gently caress deploying aks through terraform
I feel like the best possible outcome for that scenario is awful. Just totally unwinnable.
|
# ? Jun 30, 2021 03:10 |
|
Are any of the other IaC tools worth looking at? Pulumi? What else is even out there?
|
# ? Jun 30, 2021 03:38 |
|
Also, pissing me off: Lumen fiber cut in VA today. Had to failover the internet circuit manually as it wasn’t ‘completely’ down and restart our sonicwall vpn appliance (for another reason). Appliance refused to come back up. Called their support and found there is some issue where the bootloader fails and needs a manual patch and then a firmware reload. Good poo poo. Did I mention this appliance is needed for our Avaya IP Office to provide vpn connections to desk phones outside the office? So we had like 70 people without phones while this happened.
|
# ? Jun 30, 2021 03:41 |
|
Spring Heeled Jack posted: Are any of the other IaC tools worth looking at? Pulumi? What else is even out there?
This specifically is less a terraform problem and more of a provider problem, so blame Azure here.
Edit: in retrospect actually this could be either an API issue or an issue with the provider itself, so retract that.
Now, don’t get me wrong, lots about terraform suuuuuucks. Version management, non-atomic applies, doing anything interesting with state (though that one is a bit overblown tbh). My personal bugbear rn is with GCP API support for built in service accounts. To which you say “don’t use built in service accounts!” To which I say “yes, but cloudbuild sucks extra hard and imposes stupid rear end limitations on user SAs”
anyways ansible seems like the obvious answer here, though it’s better at resource configuration than creation. Otherwise I’d actually probably go for provider specific declarative languages. Cloudformation is surprisingly decent these days - you can even do stock trades with it! I used to hear good things about Saltstack a few years ago, but they’ve been acquired by vmware so lol.
Basically what I’m saying is the market is ripe for disruption.
The Iron Rose fucked around with this message at 04:02 on Jun 30, 2021 |
# ? Jun 30, 2021 03:46 |
The Fool posted: Also, gently caress deploying aks through terraform
Could be worse! Try azure firewall and the insane rear end policies you need for manager
Re: other IaC chat
TF is still amazing and the people working on the providers are awesome. There is no other alternative, anything JSON based can suck my butt
|
|
# ? Jun 30, 2021 04:20 |
|
Spring Heeled Jack posted: sonicwall
I have nothing to add but that's quite the collection of poo poo-tier vendors you have involved in your professional life
|
# ? Jun 30, 2021 10:50 |
|
Thanks Ants posted: I have nothing to add but that's quite the collection of poo poo-tier vendors you have involved in your professional life
The Avaya was put in before my time and we are actively working with vendors to get moved over to a hosted VOIP solution. So it won’t trouble me much longer. The Sonicwalls were put in by my predecessor with a lovely MSP less than a full year ago because they pitched it to us (as sonicwall resellers) and he suddenly decided that we needed a next-gen firewall as we are on the cusp of completely moving our infra to Azure. It has been nothing but headaches. He’s not with the company anymore but I had to constantly fight him on bad decisions and he was security obsessed with practices that may have been appropriate in the early 2000s.
|
# ? Jul 3, 2021 21:49 |
Sonicwalls are like four gens ago. It’s honestly hilarious they’re still being bought and sold - one of the worst products I’ve ever used in my entire life.
|
|
# ? Jul 3, 2021 22:24 |
We’re a SonicWall partner and all their product communication is about how you can increase revenue and nothing about the product itself (which is hot garbage), which I think says all you need to know about them. Firewalls don’t really *do* anything now for a distributed workforce and a company that is fully on SaaS apps, spend the pretty insane security service subscriptions on zero trust and identity and things like that.
|
# ? Jul 4, 2021 00:41 |