|
Weedle posted: thank you 💜 i'm buzzing, honestly. the fact that they're taking the time to interview me is already immensely encouraging. i put "gender transition" on the application as my reason for leaving my current position so they most certainly know what the deal is, and the lady who set up the interview would be my actual boss, so i think they're pretty serious and just need to confirm that i actually know about the stuff i claim to know about. all i really want is to work in the same field i have for my entire adult life and am comfortable in, but as the person i really am

well they ended up going with someone else for this but then i applied and immediately got phone interviewed for a similar position at the swankest branch of the public library. seems promising. hopefully i don't beef the zoom interview next week
|
# ? May 13, 2022 21:48 |
|
Hell yeah, libraries are awesome. Good luck!
|
# ? May 13, 2022 22:33 |
|
The Fool posted: counterpoint, no servers should have fixed ip's and you should be using dns

Tell that to the garbage software that I'm cursed to support for another however long because I didn't get the job I interviewed for earlier this week.
|
# ? May 13, 2022 23:55 |
|
I'm at a loss for words. Paraphrased: "Why doesn't this statement run? It is being run against databases that total to 1.1 billion cells, but I'm sure we've run similar jobs before?" The statement: code:
|
# ? May 14, 2022 05:14 |
|
Breetai posted: I'm at a loss for words.

"Do you know what a cartesian product is?" "A cartesian what?"
|
# ? May 14, 2022 05:26 |
|
Breetai posted: I'm at a loss for words.

Hahahaha. I'm a Sr. DBA at work and I used to have a weekly meeting where I'd pull pgbadger reports and sit down with the Engineering Support team and ask them to please go rub the developer's faces in these dogshit queries. I think the worst offender I ever saw was 13 inner joins with 7 of them being our largest tables.
|
# ? May 14, 2022 06:12 |
|
This is why the database I work with paginates queries by default. Because people are loving dumb.
|
# ? May 14, 2022 06:14 |
|
Dimestore Merlin posted: Hahahaha. I'm a Sr. DBA at work and I used to have a weekly meeting where I'd pull pgbadger reports and sit down with the Engineering Support team and ask them to please go rub the developer's faces in these dogshit queries. I think the worst offender I ever saw was 13 inner joins with 7 of them being our largest tables.

We routinely have queries like that in our e-MD system, because medical stuff is hugely complicated and this system was written by an MD with barely any programming experience in 2004. We've been trying to lift it to current standards but it's a huge uphill battle. It's years upon years of "just change/add this one thing, we'll fix it later".
|
# ? May 14, 2022 10:10 |
|
KillHour posted: That was the fault of the software I was teaching, not the infrastructure design (which I did and am very proud of). The software was never written to be cloud software. We were just using that because some bean counter thought it would be cheaper and work better. It was not and did not.

Was it the horrifying software that had a client intended for another engine that got panic replaced with a completely different one? Because that wouldn't shock me.
|
# ? May 16, 2022 04:09 |
|
Thomamelas posted: Was it the horrifying software that had a client intended for another engine that got panic replaced with a completely different one? Because that wouldn't shock me.

The fact that I'm not entirely sure what you're talking about means that happened after I left. But even before I left there was a new engine that had been under development for a while so either that finally released and it did not go well (but I don't think that counts as a panic replacement) or something really loving stupid happened after I left that I don't know about because I'm no longer in the industry.

Either way, this was before that and is because that software included DNA from two really loving old products and one of the two had (and probably still has) the same issue. I'll let you guess which one.

KillHour fucked around with this message at 04:40 on May 16, 2022 |
# ? May 16, 2022 04:37 |
|
I just added ap-southeast-3 to my latency map and I need to buy a year ago Agrikk a hot chocolate. Nothing more satisfying than reusing and launching my CloudFormation script and have it spin up a new VPC in a new region, create two dozen peering relationships, update forty-odd route tables, and spin up a new worker node from a half-baked AMI. Total time? Fifteen minutes.
|
# ? May 16, 2022 06:59 |
|
Agrikk posted: I just added ap-southeast-3 to my latency map and I need to buy a year ago Agrikk a hot chocolate.

Nice! A couple of rookie questions just because I'm studying up for the SAA cert:
|
# ? May 16, 2022 15:00 |
|
do terraform and cloudformation
|
# ? May 16, 2022 15:33 |
|
Terraform is by far the most popular and flexible

CloudFormation can do some really neat things and is probably better for some use cases, most notably if you use the AWS Serverless Application Model, which I cannot recommend highly enough. SAM templates are sooooo much better for lambdas than terraform.
|
# ? May 16, 2022 18:09 |
|
The Fool posted: counterpoint, no servers should have fixed ip's and you should be using dns

This only works if the software connecting to the server allows for the use of DNS. We have legacy software that requires an IP address instead of a server name, so it's static addressing for our servers.
|
# ? May 16, 2022 18:18 |
|
Hughmoris posted: Nice!

I created https://latency.bluegoat.net to help a customer determine alternate [backup] regions that they can put into play should a region have an outage. I know there are other sites out there that do this but this one is mine. Every region pings every other region and updates this grid.

I use CloudFormation (json) because it's an AWS product but can't speak to terraform because I've never used it.

Agrikk fucked around with this message at 21:55 on May 16, 2022 |
# ? May 16, 2022 21:53 |
|
Speaking of Cloudformation and Terraform, I have been informed that at my new job we use neither because of “third party code vulnerabilities.” *screaming internally*
|
# ? May 16, 2022 22:16 |
|
lmao how can anyone make that argument with a straight face and also be using a cloud provider
|
# ? May 16, 2022 22:19 |
what does that even mean

any time people get popped using terraform it's self-inflicted. like leaving your state file in a publicly readable blob storage, or not figuring out how to secure credentials before using it
|
|
# ? May 16, 2022 22:33 |
|
Agrikk posted: I created https://latency.bluegoat.net to help a customer determine alternate [backup] regions that they can put into play should a region have an outage. I know there are others sites out there that do this but this one is mine.

This is awesome. If you care about such things, there is a minor typo spotted in your 'about' page: The results are also sent to a historical trable that stores the 180-second results for 24 hours.

*One last question: what do you use to make those sweet AWS schematics?

Hughmoris fucked around with this message at 23:07 on May 16, 2022 |
# ? May 16, 2022 22:54 |
|
22 Eargesplitten posted: Speaking of Cloudformation and Terraform, I have been informed that at my new job we use neither because of “third party code vulnerabilities.”

Does that mean you're expected to roll your own crypto?
|
# ? May 16, 2022 22:56 |
|
The Fool posted: lmao

From the way the infosec guy explained it, it's clear he doesn't understand but it sounds like he's worried about third party TF modules being written maliciously and thinks it's too much work to look through the modules and also let's throw the baby out with the bathwater and not use officially provided modules from a provider like Amazon. If I'm here long enough to build credibility I'll try to change the director's mind but I'm probably just going to get some experience, do TF on my own time, and bounce.
|
# ? May 17, 2022 04:27 |
|
I mean, not wanting 3rd party modules isn't terrible, but if it's a real concern you need to make a seriously large investment into enforcing it

It's obvious that your security guy isn't fully understanding the situation because for every security flaw he thinks he's worried about in 3rd party modules your regular employees are perfectly capable of managing on their own.
|
# ? May 17, 2022 05:32 |
|
to be fair third party modules are the work of the devil and should be entirely eradicated. Not because of “bad security”, but because they’re agony to work with. there’s like one or two edge cases but the best modules are highly opinionated and third party modules are the antithesis of that. it still makes no loving sense and your security team is incompetent beyond measure
|
# ? May 17, 2022 06:00 |
|
Someone talking about future scoping used the word 'blockchain' in relation to our 100TB landing table.
|
# ? May 17, 2022 07:57 |
The Iron Rose posted: to be fair third party modules are the work of the devil and should be entirely eradicated. Not because of “bad security”, but because they’re agony to work with.

i guess technically you could put some kinda arbitrary code execution in a public module, but it isn't possible to hide it.

and totally agreed on the modules, i have to constantly swat them down when onboarding people into TF/TFC on my current project. client decided to make heavy use of the private registry in TFC which, topical for this thread, is pissing me off in an entirely different way
|
|
# ? May 17, 2022 12:34 |
|
The Fool posted: I mean, not wanting 3rd party modules isn't terrible, but if its a real concern you need to make a seriously large investment into enforcing it

Yeah, refusing to use a technology at all because there are ways you could use it that would cause security problems is peak "I don't understand this and I'm not going to try."
|
# ? May 17, 2022 14:34 |
|
About 2 months ago, I got assigned a server replacement for my dentist's office. I've done their last two server replacements, was familiar with the vendor and how they work, so I didn't think too much about it. I arrived the afternoon before, got the server on the domain, copied over installers, did the last round of updates etc, then came back in the morning for our scheduled install. Maybe 30 minutes before the appointment the dentist asks me about encryption on the server. Apparently someone told him that encryption is a magic bullet in the event of ransomware/other compromise, so he requested to order Self-Encrypting SSDs from Dell.

I'm thinking OK cool, I can just go into the raid controller and encrypt the drives once I'm done with the install, no biggie. I do the install, update all the client PCs, but they're crashing all the time. Obviously in the Dr's mind there's something wrong with the new server. Long story short after a couple weeks with the vendor, the third tech I was escalated to recalls something in one of their internal meetings where they uncheck this one little "display counter" checkbox on eforms, and the crashing goes away.

So that being solved, I go to revisit the drive encryption thing. I create trusted keys and passwords in the raid controller, and then try to encrypt the drive, and the option is simply unavailable. After a conversation with Dell, I find out that the SSDs we ordered aren't the self-encrypting drives, but rather they support secure erasure. So I talk to my boss, who BTW was childhood friends with this Dr. before they shipped out to the navy, and he wants to make it right by ordering the Self encrypting drives. The problem is that a pair of the self-encrypting drives to put in a Raid1 costs about as much as the whole server does. So they decided they'd just order a regular set of SSDs for me to put Bitlocker on and transfer the partition that has customer data to it.

I got there to do that last Friday, and was able to encrypt the new SSDs with Bitlocker, but then I realize there's no way to have them unlock when the OS starts up without someone logging into the server and putting in a password. Of course, before a user could unlock the drives there's a pervasive SQL instance and applications that need that drive to start up, so I stopped before moving that data over. My thought was "Why the hell aren't we just encrypting the current drives with bitlocker instead of doing all this other work", but when I tried to encrypt the C: drive it just gives me a generic "This drive cannot be encrypted" message.

So now I'm here today, I've wasted multiple trips to this customer, and his poo poo's still not encrypted. But I had a conversation with him yesterday about what he actually wants to accomplish. His main concern is someone breaking into his office and physically taking the server with him. So basically any solution where they don't have to put in a password every time won't actually address his concern. I was thinking about using a smart card to decrypt the drive, and he'd just have to plug it in before bootup, but even still I'm not sure that would even work if the C: drive isn't bitlockered.

I've verified that the TPM chip is active and ready. Based on my reading I'm assuming one of the following is the reason I can't encrypt that C: drive:

Disk is formatted as Dynamic
Dell Recovery partition is before the C: drive

For either of those I guess the solution is going to be wipe/reload and start from scratch. I'd probably need to set up another temporary domain controller, since this single server does everything. Part of me just wants to hit da bricks and let the folks who quoted/ordered the server deal with it.

Does Dell Data Encryption Enterprise have the ability to do whole disk encryption on poweredge servers?

If I restored this server from their Datto backup as a VM, would there be a way to encrypt the VM such that they put in a password before the VM starts?

Should I convince the boss to try to sell him datacenter space to put his server in so at least it's not sitting in a shady neighborhood?

Every time I come in for Dental work they take my blood pressure and it comes back like 160/110, but I can take it before or after and it's normal lol.
|
# ? May 17, 2022 16:09 |
|
I will say aside from that this new job is exciting and seems like it will be a great learning experience. I’m still on boarding but within a couple weeks hopefully I can be helping with the project du jour which is figure out where we’re bleeding money in AWS. Apparently we don’t use Glacier Deep Archive or whatever it’s currently called so that seems like part of it, we could be saving like 90% on all the stuff we’re just retaining for compliance reasons.
|
# ? May 17, 2022 17:21 |
|
22 Eargesplitten posted: I will say aside from that this new job is exciting and seems like it will be a great learning experience. I’m still on boarding but within a couple weeks hopefully I can be helping with the project du jour which is figure out where we’re bleeding money in AWS. Apparently we don’t use Glacier Deep Archive or whatever it’s currently called so that seems like part of it, we could be saving like 90% on all the stuff we’re just retaining for compliance reasons.

Those are the types of problems I enjoy solving.
|
# ? May 17, 2022 17:32 |
|
Cheech Marinade posted: About 2 months ago, I got assigned a server replacement for my dentist's office. I've done their last two server replacements, was familiar with the vendor and how they work, so I didn't think too much about it. I arrived the afternoon before, got the server on the domain, copied over installers, did the last round of updates etc, then came back in the morning for our scheduled install. Maybe 30 minutes before the appointment the dentist asks me about encryption on the server. Apparently someone told him that encryption is a magic bullet in the event of ransomware/other compromise, so he requested to order Self-Encrypting SSDs from dell.

This is kind of all over the place, but my recommendation would be to take another look at Bitlocker, because you can indeed encrypt a system drive and you can indeed have it boot up without someone having to unlock it or whatever it is you're running into. You just want to unlock via TPM only and not Passcode/Password. You'll want to make sure BIOS/UEFI is locked down if someone physically grabbing the server is a concern. And this setup isn't going to be Fort Knox secure, but it will stop a random smash and grab from the street from accessing the data.

There's plenty of reasons not to have a single server onsite somewhere, including physical security, but that is also going to introduce points of failure if the internet goes out and will require making sure whatever apps they use can operate over the WAN and handle the latency, which I would not take for a given in the dental world.
|
# ? May 17, 2022 17:50 |
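An added example, not part of any post in the thread: the TPM-only BitLocker setup recommended in the reply above, as a re-runnable PowerShell function. The function name and the `D:` data volume letter are assumptions; the cmdlets are the standard BitLocker and TPM ones on Windows Server 2016 or later. The data volume step is gated on the OS volume being protected, because auto-unlock keys for a fixed data drive are stored on the BitLocker-protected OS volume.

```powershell
# Added example (hypothetical function name). Run elevated on the server itself.
function Enable-ServerBitLocker {
    param([string]$DataVolume = 'D:')   # assumption: the data volume's drive letter
    $os = $env:SystemDrive

    # BitLocker is an optional feature on Windows Server; installing it needs a reboot.
    if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
        Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools
        Write-Warning 'BitLocker feature installed. Reboot, then run this function again.'
        return
    }

    # TPM-only unlock needs a TPM that is present and ready.
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        throw 'TPM is not present/ready; enable it in firmware setup first.'
    }

    $osVol = Get-BitLockerVolume -MountPoint $os
    if ($osVol.VolumeStatus -eq 'FullyDecrypted') {
        # TPM protector only: the server boots unattended, but the disks are
        # unreadable once removed from this machine's TPM.
        Enable-BitLocker -MountPoint $os -TpmProtector -EncryptionMethod XtsAes256 -UsedSpaceOnly
        # Recovery password for board swaps / firmware changes; store it off the server.
        Add-BitLockerKeyProtector -MountPoint $os -RecoveryPasswordProtector
        (Get-BitLockerVolume -MountPoint $os).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            Select-Object KeyProtectorId, RecoveryPassword
        Write-Warning 'Restart to run the hardware check; encryption starts after it passes.'
        return
    }

    # Only once the OS volume is protected can a data volume auto-unlock at boot,
    # before SQL and the practice applications start.
    if ($osVol.ProtectionStatus -eq 'On') {
        $dataVol = Get-BitLockerVolume -MountPoint $DataVolume
        if ($dataVol.VolumeStatus -eq 'FullyDecrypted') {
            Enable-BitLocker -MountPoint $DataVolume -RecoveryPasswordProtector `
                -EncryptionMethod XtsAes256 -UsedSpaceOnly
        }
        Enable-BitLockerAutoUnlock -MountPoint $DataVolume
    } else {
        Write-Warning "OS volume protection is not on yet (status: $($osVol.VolumeStatus))."
    }
    Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, KeyProtector
}
```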
|
The red flag for me is that you’re having to visit this client to gently caress around with their server - does it not have an iDRAC card?
|
# ? May 17, 2022 18:32 |
|
Thanks Ants posted: The red flag for me is that you’re having to visit this client to gently caress around with their server - does it not have an iDRAC card?

looks at post

Cheech Marinade posted: a server replacement for my dentist's office.

looks back at u
|
# ? May 18, 2022 02:38 |
|
the actual issue imo is considering using hardware raid in an era where software raid has never been more reliable, more performant, more ubiquitously available, and more straightforward to set up

not to mention that a dentist's office needs actual backups more than it needs redundancy

Potato Salad fucked around with this message at 04:50 on May 18, 2022 |
# ? May 18, 2022 04:46 |
|
it's 2022

using hardware raid in a new era of chip scarcity and "oops, Shenzhen locked down for two months" is deliberate introduction of a major single point of failure in systems that can take extra weeks or months to work around

a dental office can work on paper and good faith for a day while someone gets a softraid setup working again or sorts out restoration from backups. it can't survive waiting for a new server or raid card for two months. and raid cards loving suck, it's like they're one of the most aggressively cost optimized parts you can toss in a system.

citation: had this exact issue come up, in all places, with a literal dental office about 10 years ago

Potato Salad fucked around with this message at 04:58 on May 18, 2022 |
# ? May 18, 2022 04:53 |
|
Okay but there's no way they're going to approve the SOW for that, they're just going to panic when something breaks after refusing any maintenance.
|
# ? May 18, 2022 05:01 |
|
God I'm so glad I don't have to deal with "what if we tried to save $50 on hardware by using non-ecc memory?" customers anymore.
|
# ? May 18, 2022 05:03 |
|
Hughmoris posted: This is awesome. If you care about such things, there is a minor typo spotted in your 'about' page: The results are also sent to a historical trable that stores the 180-second results for 24 hours.

Whoops! Yes, I care about typos. Thanks for the proofreading. And the stencils came from here: https://aws.amazon.com/architecture/icons/
|
# ? May 18, 2022 06:37 |
|
KillHour posted: God I'm so glad I don't have to deal with "what if we tried to save $50 on hardware by using non-ecc memory?" customers anymore.

This is my life, only in a multinational company with about 5000 people.
|
# ? May 18, 2022 06:56 |
|
move to cloud infra, then you can argue with people about what sku's they're using and it's always because they're over provisioned
|
# ? May 18, 2022 07:06 |