Font-sensitive passwords

August 19th, 2010 by John

I thought I’d seen it all.  I mean, I’ve actually gotten the “cup holder” call about a CD-ROM drive before.  I really thought I’d heard every stupid question every idiot using a computer could ever have.  Until today, that is.  A friend of mine brought up an email he got at work that took the Stupid Prize away from me.  The email introduced me to the concept of font-sensitive passwords.

Wait, what?  Yes that’s right – evidently, according to the idiot on the other end of this email, an ‘a’ in Arial is a wholly different character from an ‘a’ in Calibri.  Or in Times New Roman.

Now, for those of you saying that this has some validity because they look different, I can understand where you’re coming from.  However, that’s just the appearance – the actual letter is known to the computer by an ASCII code, which basically means it’s “number 42”.  The computer doesn’t know that it looks any different – it just knows it as “number 42”.  So no, the ‘a’ in Arial is no different than the ‘a’ in Calibri.

So where did all this come from?  Well, let me paste the sanitized email that was shared with me, with permission of the aforementioned friend who shared it:

Hi StatsGuy,

I’ve discovered something odd about the login system for FileZilla:

My assigned user name and p/w were sent to me in an email by StudyGirl:

<username>

xxx’xxxxx

When I copy/paste the p/w from her original email into the FZ login, it works, but when I type it from my computer’s keyboard, it does not.

Unlike the rest of StudyGirl’s email (which was rendered in the Arial font), my user name and p/w were in the Calibri font in her email (presumably she copy/pasted those from an email from your database group).

Here is a copy/paste of that p/w:

xxx`xxxxx

You can see that the apostrophe looks quite different in the Calibri font than when rendered in the Arial font (or most other fonts). Indeed, when I copy/paste the Calibri p/w into the F/Z login, but replace the apostrophe with one generated by my keyboard, the p/w does not work.

Clearly, FZ p/ws are not only case-sensitive, they are also font-sensitive, which they should not be.  I’ve never heard of a font-sensitive p/w – that would be a very impractical thing to have.  I suggest that all FZ p/ws involve only letters and numbers – characters that could possibly be rendered differently by different computer systems should be eliminated.  Maybe this is a ‘Mac effect’ but FZ should be able to accept login from Macs just as well as from PCs.

It looks like I will have to have a different p/w assigned.  Can you please take care of that?

Thanks,

Guy that actually got through med school

Okay, so you’re telling me “well, a Mac might know it as a different number than a PC”, right?  Some of you probably are, except that’s not the case – otherwise, Macs and PCs wouldn’t be able to talk to each other at all.  The problem here is quite simple – if you look at the one character of the password that wasn’t x’ed out (sanitized), you’ll notice a difference – a fairly important one.  What is the difference?  They are, in fact, different characters – when you take a password that contains a backtick (back-quote) and replace that character with an apostrophe, you end up with a different (and in this case invalid) password.

That would be like saying “This computer should let me type a ‘c’ when I really mean ‘t’!”  Umm, no…  you have to type the password CORRECTLY, dingus.
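To see the mismatch the way the login system sees it, compare the two strings code point by code point: the backtick is U+0060 and the keyboard apostrophe is U+0027, whatever font draws them. The script below is an added example, not part of the original email or post; the function names, the look-alike list and the sample passwords are assumptions made up for illustration.

```python
import unicodedata

# Characters commonly mistaken for the ASCII apostrophe.
# Illustrative list chosen for this example, not exhaustive.
QUOTE_LOOKALIKES = {
    "\u0027",  # APOSTROPHE (what most keyboards type)
    "\u0060",  # GRAVE ACCENT (backtick)
    "\u00b4",  # ACUTE ACCENT
    "\u2018",  # LEFT SINGLE QUOTATION MARK
    "\u2019",  # RIGHT SINGLE QUOTATION MARK (mail/word-processor "smart quote")
    "\u2032",  # PRIME
}

def describe(ch):
    """Return 'U+XXXX NAME' for one character."""
    return f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"

def diff_secrets(expected, typed):
    """Return (index, expected, typed, lookalike) for every differing position."""
    findings = []
    for i in range(max(len(expected), len(typed))):
        a = expected[i] if i < len(expected) else None
        b = typed[i] if i < len(typed) else None
        if a == b:
            continue
        # Both sides are quote-like glyphs: the classic "looks the same" ticket.
        lookalike = a in QUOTE_LOOKALIKES and b in QUOTE_LOOKALIKES
        findings.append((i,
                         describe(a) if a else "<missing>",
                         describe(b) if b else "<missing>",
                         lookalike))
    return findings

def risky_chars(secret):
    """List quote-like characters in a secret before it is sent out by email."""
    return [(i, describe(c)) for i, c in enumerate(secret) if c in QUOTE_LOOKALIKES]

if __name__ == "__main__":
    # Constructed sample values shaped like the sanitized password in the email.
    issued = "abc`defgh"
    typed = "abc'defgh"
    for idx, want, got, lookalike in diff_secrets(issued, typed):
        note = " (visually confusable)" if lookalike else ""
        print(f"position {idx}: expected {want}, got {got}{note}")
```

Because the output names the mismatched characters, it belongs in a support session on the issued value, not in authentication logs.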

My friend, you win the contest.  I hope I’m never able to beat that story of stupidity.

What did you do again?

August 17th, 2010 by John

Dear Programmer:

When you decide to up your job submission parameters from “batch of 20” to “batch of 100” and you’re already complaining about the cluster you’re submitting to being undersized and overutilized, you might want to LET YOUR SYSADMIN KNOW WHAT YOU’RE DOING.  You are an idiot.

Sincerely,

The Admins

Dear Mr Programmer

August 16th, 2010 by John

When you want help from your neighborhood sysadmins, and you schedule a meeting with them for 10am, you should probably leave your house before 9:57, and not still be in your pajamas debugging a script.  We have a lot more to do than just deal with your little bitty part of the world, and we don’t like when you act as if you were more important than God Himself.

Really?

August 16th, 2010 by John

You come back from a week vacation, and the first system you ask me about is one that you put into non-usable maintenance mode and left there for 2+ weeks, when you see the backlog of 300+ unresolved trouble tickets?  When you know from reading email over your vacation that there are more important things that are actively causing problems, since this system is a secondary failover system?  Really?

SNMP isn’t so simple…

August 13th, 2010 by John

It really isn’t.  It’s not exactly complex, but it is mind-numbingly convoluted, pedantic, and repetitive.  I’m trying to set up SNMP data collection for OpenNMS, and although the instructions I found seem simple, it’s getting to the point where things should be visible in the web GUI that’s taking a ridiculously long time.  Pardon me whilst I go back to the grindstone…

There is hope, after all…

August 10th, 2010 by John

I’ve seen a lot of bad things in my career, and admittedly I have a somewhat lesser tolerance for idiocy than I perhaps should.  However, I have also seen some good things – and more recently, some excellent things. Two come to mind immediately.

The first I’ve probably posted about before, but it deserves repeating.  In all my years as a sysadmin, I have never encountered a support group as universally excellent and smooth as NetApp’s.  I had a disk fail last night – the sixth disk total in just over a year – on my NetApp SAN.  The replacement was delivered before 8am today, waiting for me when I arrived at the office.  I even had an email telling me I was entitled to an on-site engineer should I need one to perform the replacement.  Granted, it seems a bit ridiculous, but it’s a standard response so even though the idea of having a field rep replace a disk for me is amusing, it’s nice to know that the same flow would be automatically invoked for a more serious failure like a controller board.  Seriously, NetApp, you’re doing a hell of a job.  Keep it up.

The second item I wanted to mention was about SugarCRM.  I’ve been playing with it for a bit today, mostly because it’s something I’ve wanted to play with for a while.  The install for 6.0.0 (the Community edition, of course) was smooth, even if the questions were a bit confusing on the first read-through.  Overall, a nice product; it could use some improvement, but that would be icing on the cake, the cake itself is quite well done.

What are you doing, Dave?

August 9th, 2010 by John

A famous line from “2001: A Space Odyssey”.  Although not directly, it fits my state of mind right now.  How is it that a systems administrator can copy an LDAP client configuration from one system to another – line by line – and not realize that he’s putting incorrect information in?  That the system he’s pasting to has a different name than the name of the system he’s copying from?  And beyond that, how can he not realize that the configuration is outmoded and shouldn’t be done that way to begin with?  Good cripes…

What did you just say?

August 6th, 2010 by John

I never, ever again want to hear from another systems administrator that “it’s not my job … to diagnose a problem.”  I can’t believe I just heard that from my supervisor.  And he was talking to the support people who have been trying to help him diagnose this issue for a week and a half.  “I have spent enough time on this issue.”  Well, no you haven’t.  You haven’t spent enough time on it until it’s solved.  The level of respect I have for him has hit an all-time low.

Just wow.

OpenNMS

August 5th, 2010 by John

So I’m starting to deploy an OpenNMS instance for monitoring here at work.  I’ve played with it a bit previously, to test-flight it, and I’m overall quite impressed with it.  I do have a few things I’d like to see fixed, though – starting with the service configuration scheme.  Why in the name of the Little People is this done inside an XML file?  Honestly, I think it should be done inside the GUI and stored in the database – don’t make me write ugly XML when you can give me a nice GUI to create new services.

Okay, I understand that it would take a major effort to revamp that.  I can even understand, to some extent, why it was done that way in the first place.  But, I really do feel like this is something on the minus side for ONMS.

On a related note, the service pollers are all in one huge package, which makes it a bit difficult to change out what services get auto-discovered on what nodes when you want to exclude certain services from certain nodes to avoid false outages.  This is fairly trivial, in all honesty, but it’s still something that bugs me.  I’ve redone my poller configuration file to split the services, so I’m not having problems, I just really would like the sample to be done as a split set of poller packages.

I’ll write more as I play with it more, I’m just starting things right now – the production version has been active for all of 15 minutes.

Why pay for a NetApp system?

July 30th, 2010 by John

Simple.  Because disks can and do fail at 3:21pm on Friday.  With NetApp, the replacement disk is being delivered to the datacenter at the same time the overworked sysadmin is reading the email notification of the failure – which is at 4pm the same day.  Under 40 minutes from failure to part delivery!  Storage questions?  The Answer is NetApp.