Thoughts of a SysAdmin

Not all of them involve making mistakes.  Some of them, and my most recent one, involve realizing just how much of an ass you’ve been in previous jobs by coming face-to-face with the same type of behavior from someone else in your current job.  Yes, this just happened to me, and I almost immediately realized I’d done the same type of thing in previous jobs.  Fortunately, I don’t think I’ve done it too often, but often enough to be embarrassed about it.

This is definitely something I’ll be keeping in mind as time goes on…  with luck, my new business venture will work out and I’ll have the opportunity to do something about all these little lessons I’ve learned over the course of my career.

When one of your people leaves the company / institution for another job, and that person was doing programming work that a second person in your group had expressed interest in, it is generally a poor management decision to retain the first person as a consultant (at, of course, highly inflated consultant rates) instead of moving the second person into the slot (even temporarily) to fill the need.  When someone leaves a company, the separation should be complete, signing a consulting deal with the newly departed simply rewards those who leave by giving them (in effect) a doubled salary and punishes those who stay by not allowing them the career growth they have ben requesting for the past 8 months plus.

Very poor decision.

I’m not really sure how to put this, so I’ll just lay it out straight.  You know how most organizations that sell computer hardware or software also sell support?  Well, this is for a reason.  When you’re about to buy $350,000 worth of hardware from one company, please don’t start talking about cutting out the $90,000 in support costs, purchasing no support, to throw that money at additional hardware since you already have support for some other hardware platform from some other company.  Even if both hardware platforms do roughly the same thing.  Just…  don’t go there.  Please.  The people that have to make things go want to have the support in place.  Really.

… is actually Master of most.  Unfortunately.  I am a systems administrator.  Let’s look at what I’ve done today…

- Discussed the pending breakdown of compute environments in another organization, trying to figure out how to mitigate said breakdown

- Buttered up a couple of sales people, playing the make-nice-nice game

- Replaced the staple pack in the copier

- Tracked down a missing shipment – well, started trying to, anyway

- Planned out a few projects on the whiteboard, but haven’t gotten clearance to initiate them yet

- Sent miscellaneous emails

Notice, nowhere in here do you see anything that deals directly with hands-on-keyboard sysadmin things.  What I wouldn’t give to be allowed to be the sysadmin I was hired to be.

I’ve just discovered a problem.  Specifically, something that I feel is a very major breach of basic security practices, leading to a situation where significantly confidential systems information is available publically on the internet to anyone, without need for any identification.  A fairly major security vulnerability, potentially a violation of not just my workplace policies, but of certain statutes that carry significant consequences if violated.

My nightmare is thus – the individual responsible for this violation is the “fair-haired golden boy” of the group, and nigh untouchable.  I have raised several issues of similar, if much lesser, import previously with both my supervisor and my boss, and have been told in no uncertain terms to “just leave well enough alone” (not an exact quote, of course).

What would you do?

Be Smart, Don’t Be Stupid.

In other words, don’t screw around with production systems in the middle of the day with no notice.  If you need to reconfigure a cluster environment, do so, but make sure you send out notification.  Don’t just do it blindly in the middle of the day with no notice and then disappear when the people using the cluster appear to say “yeah, all my jobs got killed, and qlogin no longer works for me…”

When I’m on it, do not call me asking me about piddly little crap that doesn’t much matter in the long run just because a programmer has his knickers in a twist about his programs being too slow.  I. Am. On. Vacation.

I thought I’d seen it all.  I mean, I’ve actually gotten the “cup holder” call about a CD-ROM drive before.  I really thought I’d heard every stupid question every idiot using a computer could ever have.  Until today, that is.  A friend of mine brought up an email he got at work that took the Stupid Prize away from me.  The email introduced me to the concept of font-sensitive passwords.

Wait, what?  Yes that’s right – evidently, according to the idiot on the other end of this email, an ‘a’ in Arial is a wholly different character from an ‘a’ in Calibri.  Or in Times New Roman.

Now, for those of you saying that this has some validity because they look different, I can understand where you’re coming from.  However, that’s just the appearance – the actual letter is known to the computer by an ASCII code, which basically means it’s “number 42″.  The computer doesn’t know that it looks any different – it just knows it as “number 42″.  So no, the ‘a’ in Arial is no different than the ‘a’ in Calibri.

So where di all this come from?  Well, let me paste the sanitized email that was shared with me, with permission of the aforementioned friend who shared it:

Hi StatsGuy,

I’ve discovered something odd about the login system for FileZilla:

My assigned user name and p/w were sent to me in an email by StudyGirl:

<username>

xxx’xxxxx

When I copy/paste the p/w from her original email into the FZ login, it works, but when I type it from my computer’s keyboard, it does not.

Unlike the reast of StudGiurl’s email (which was rendered in the Arial font), my user name and p/w were in the Calibri font in her email (presumably she copy/pasted those from an email from your database group).

Here is a copy/paste of that p/w:

xxx`xxxxx

You can see that the apostrophe looks quite different in the Calibri font than when rendered in the Arial font (or most other fonts). Indeed, when I copy/paste the Calibri p/w into the F/Z login, but replace the apostrophe with one generated by my keyboard, the p/w does not work.

Clearly, FZ p/ws are not only case-sensitive, they are also font-sensitive, which they should not be.  I’ve never heard of a font-sensitive p/w – that would be a very impractical thing to have.  I suggest that all FZ p/ws involve only letters and numbers – characters that could possibly be rendered differently by different computer systems should be eliminated.  Maybe this is a ‘Mac effect’ but FZ should be able to accept login from Macs just as wel from PCs.

It looks like I will have to have a different p/w assigned.  Can you please take care of that?

Thanks,

Guy that actually got through med school

Okay, so you’re telling me “well, a Mac might know it as a different number than a PC”, right?  Some of you probably are, except that’s not the case – otherwise, Macs and PCs wouldn’t be able to talk to each other at all.  The problem here is quite simple – if you look at the one character of the password that wasn’t x’ed out (sanitized), you’ll nitce a difference – a fairly important one.  What is the difference?  They are, in fact different characters – when you take a password that contains a backtick (back-quote) and replace that character with an apostrophe, you end up with a different (and in this case invalid) password.

That would be like saying “This computer should let me type a ‘c’ hen I really mean ‘t’!”  Umm, no…  you have to type the password CORRECTLY, dingus.

My friend, you win the contest.  I hope I’m never able to beat that story of stupidity.

Dear Programmer:

When you decide to up your job submission parameters from “batch of 20″ to “batch of 100″ and you’re already complaining about the cluster you’re submitting to being undersized and overutilized, you might want to LET YOUR SYSADMIN KNOW WHAT YOU’RE DOING.  You are an idiot.

Sincerely,

The Admins

When you want help from your neighborhood sysadmins, and you schedule a meeting with them for 10am, you should probably leave your house before 9:57, and not still be in your pajamas debugging a script.  We have a lot more to do than just deal with your little bitty part of the world, and we don’t like when you act as if you were more important than God Himself.