Archive for July, 2010

Actually doing work

Monday, July 12th, 2010

So most end users don’t really see much of what a systems administrator does.  Instead, they see only the panic reactions when servers are down, or the lack of visible work when things are going well.  Still, there is work to be done – like when you get a Nagios alert that a system is in a critical state for zombie processes.  Granted, zombie procs don’t really do much harm, but they do take up a certain amount of resources, and when the system in question is a VMware guest on which you’ve not installed VMware Tools, you really can’t spare any resources because your performance is already shit.  So, when you’re nominally in charge of this system, you probably shouldn’t let the critical alert sit for 17 days without doing anything about it.  That just makes you look like an idiot.

Never try to bullshit a Bullshit Artist

Thursday, July 8th, 2010

When you’re a sysadmin, you sometimes have to blow smoke at users who aren’t as computer-aware as they like to think they are.  Thankfully, this has been a rare occurrence in my career – usually, my users have been more computer-aware then they think, they’re just a bit afraid of the computer.  However, you should also realize that if you try to smokescreen another admin, you will be called out.  For example, if you try to tell me “we can’t do SANs on an SSL certificate”, I will tell you “yes you can, and here are the providers that will sign CSRs with SANs”.  If you then tell me “this will cost too much, like 5 to 7 hundred dollars per year”, I will turn around and tell you “no, here’s a provider who will do this for $90 a year”.  The moral of the story?  Don’t try to dick around with me; my radar is more sensitive than yours,  I’m better at it than you are and I will call you out on it.

Doin it VERY wrong…

Wednesday, July 7th, 2010

You do not solve problems with symlink spaghetti by adding two more symlinks.  When the symlink spaghetti was created to support a 7 year old app running on a 7 year old version of Apache, it’s time to buckle down and port the dratted thing to a modern OS and Apache version.  You know – do what I’ve been telling you to do for the past year and a half…

This is security?

Friday, July 2nd, 2010

New policy states that I have to rotate my password every 30 days…  this is security?  Since when is this even close to sane?  This is just begging for a post-it note solution to the “which password do I use this month” problem…  Idiots.  If I ever start a company the succeeds and grows the beyond 10 employees, I will fire anyone who comes up with an asinine policy like this on the spot.

Multi-hosting names

Thursday, July 1st, 2010

Dear Senior Systems Administrator:

When you set up round robin DNS for a given name such that it points to two different machines, you have to take other steps to ensure the SSH keys / fingerprints on those machines are the same.  Otherwise, you end up with users asking about fingerprint changes for that machine.  When you then tell the user(s) in questions to “just accept the key”, you then guarantee that every time that/those user(s) connect to the machine – either machine – they will get a rather obnoxious warning about an invalid host fingerprint in their known_hosts file.

You should really fix that, since your Systems Administrator(s) doesn’t/don’t want to spend the rest of their careers answering emails from users about “invalid host identification” when connecting to the SSH login host.

Thank you,

Systems Administrator