Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: WObff and Wnin et al.

202 views
Skip to first unread message
Message has been deleted

apeiron

unread,
Sep 29, 2012, 6:15:42 PM9/29/12
to
On 2012-09-29, Alec <abick...@invalid.invalid> wrote:
> THe next time I hear, Ops is only responsible for the OS, I am going punch the
> fscker.

You could take two positions here:

1. If ops is only responsible for the OS, ops isn't responsible for
anything but the OS. Therefore, the developer, not ops, should get the
3AM page.

2. Since everything runs on the OS, including the app, by induction ops
is responsible for everything.

At $WORK developers know full well that if the ops team can't figure out
their rathole of an app, they're getting a phone call. It's something of
a motivator to not suck.

--
apeiron

Shmuel Metz

unread,
Sep 30, 2012, 3:57:49 PM9/30/12
to
In <k46q35$ku5$2...@dont-email.me>, on 09/29/2012
at 02:37 PM, Alec <abick...@invalid.invalid> said:

>What is it with ops guys and Wnin?.

Load shedding.

>How does installing and configuring a WObff or NpvirZD suddenly go
>from infrastructure becoming the responsibility of the develops.

The developers want it done right?

>THe next time I hear, Ops is only responsible for the OS, I am going
>punch the fscker.

Hand punch or hydraulic?

--
Shmuel (Seymour J.) Metz <http://patriot.net/~shmuel> ISO position
Reply to domain Patriot dot net user shmuel+bspfh to contact me.
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

David Cameron Staples

unread,
Sep 30, 2012, 8:24:29 PM9/30/12
to
On 29/09/12 10:37 PM, Alec wrote:
> What is it with ops guys and Wnin?.

"Jr arrq Wnin."
"Gung'f svar: gur irefvba va gur fgnaqneq ercbf vf BcraWnin."
"Ab, jr arrq *Wnin* Wnin, abg guvf xabpx-bss fuvg."
"Nu, fb lbh arrq *Fha* Wnin, lrf?"
"Ab, vg fnlf urer 'Benpyr' Wnin."
"Lrf, gur Wnin pheeragyl cebivqrq ol Benpyr vf pnyyrq 'Fha' Wnin sbe
uvfgbevpny ernfbaf."
"Ohg jr arrq Benpyr Wnin. Vg'f sbe Benpyr. Naq fghss."
*fvtu* "Svar. V'yy ybnq hc gur fcrpvny ercbfvgbel juvpu vf shyy bs Wnin,
naq vafgnyy 'Benpyr' Wnin sbe lbh."
"Irefvba 1.4.31.415927."
"Pheerag irefvba bs Wnin vf 1.7.159."
"Jr arrq Irefvba 1.4.31.415927. Vg fnlf fb ba gur ohvyq erdhverzragf
evtug urer."
"Gb gung qrterr bs cerpvfvba? Ernyyl? Jnvg, jung nz V fnlvat, fbzr
Cebwrpg Znantre phg naq cnfgrq vg jvgu ab pbafpvbhf gubhtug vagreiravat,
bs pbhefr vg'f gb gung qrterr bs cerpvfvba. Jung nobhg onpxhcf?"
"Bu, lrf, jr'yy arrq gur flfgrz hcqngrq jvgu nyy eryrinag frphevgl
cngpurf naq hctenqrf. Rkprcg sbe Wnin."
"... Orpnhfr *bayl* guvf irefvba jvyy jbex, evtug?"
"... Orpnhfr gung'f jung gur ohvyq qbphzragf fnl."
"Unir lbh gevrq vg ba n pheerag irefvba?"
"... Ohg gur ohvyq qbphzragf..."
"Bs pbhefr. Fb Wnin unf gb or erzbirq sebz gur onpxhc plpyr, rira
gubhtu vg'f zbfg yvxryl gb cebivqr gur mreb-qnl rkcybvg bs gur jrrx.
Svar. Vg'f vafgnyyrq abj. Purpx vg, cyrnfr."
"Vg'f abg jbexvat."
"Jung'f abg jbexvat? Wnin? 'wnin -I' tvirf zr gur irefvba lbh
fcrpvsvrq..."
"Gbzpng jba'g fgneg."
"Lbh arire zragvbarq Gbzpng."
"Jryy, jr arrq Gbzpng. Naq ebbg npprff fb gung jr pna frg vg hc yvxr
va gur ohvyq qbphzragf."
"Ab. Lbh jvyy abg trg Ebbg. Abg sbe gung, abg sbe nalguvat."
"Lbh'er orvat bofgehpgvir."
"Lrf. V'z bofgehpgvat lbh sebz znxvat guvf znpuvar vzcbffvoyr gb
znvagnva."
"Jryy, jr arrq npprff gb gur Gbzpng pbasvt svyrf."
"V'ir frg hc fbzr tebhc crezvffvbaf, fb lbh fubhyq or noyr gb npprff
gurz abj."
"Vg'f abg jbexvat."
"Jung abj?"
"Jr arrq gur 32ovg Wnin."
"Ohg jr tnir lbh 16TO bs zrzbel whfg sbe guvf nccyvpngvba!"
"Vg jba'g eha ba 64ovg Wnin."
"Svar. 32ovg vafgnyyrq abj."
"Vg'f fgvyy hfvat gur 64ovg irefvba."
"Svar, gur 64ovg irefvba vf chetrq."
"Vg'f fgvyy abg jbexvat."
"Gur cbegf lbh zragvbarq ner bcra. Gur svyrf unir gur evtug
crezvffvbaf. Wnin frrzf gb or jbexvat svar, naq gur Gbzpng freivpr
fgnegf jvgubhg reebe."
"Vg fgvyy qbrfa'g jbex. Gurer zhfg or fbzrguvat lbh qvq jvgu gur Wnin
vafgnyyngvba juvpu vf oybpxvat bhe pbqr."
"V ybbxrq ng gur ybtf chg bhg ol lbhe pbqr. Vg'f ercbegvat snvyher
orpnhfr bs fbzrguvat gb qb jvgu ybpxsvyr pbagragvba. V guvax. V'z abg n
Wnin rkcreg. Jul nz V qrohttvat lbhe pbqr?"
"Orpnhfr vg qbrfa'g jbex. Naq vg'f lbhe snhyg fbzrubj. Vg'f ba n
znpuvar lbh znantr, gurersber vg'f lbhe ceboyrz gb svk vg."
...
"Jr'ir nfxrq gur iraqbe, naq gurl fnl gung lbh vafgnyyrq gur jebat
irefvba bs Gbzpng. Naq jr arrq gur 32ovg irefvba. Naq jr unir gb cngpu
gur Gbzpng. Naq jr arrq gb eha na nabalzbhf SGC freire. Nf ebbg."



Or, we could carve off a few gig of diskspace, give it to the Wnin devs,
and say "You need a specific version of Wnin, install it there. You need
a bespoke version of Gbzpng, install it there. You need a hand hacked
version of WObff, ZlFDY, Benpyr, whatever, install it there. You need
help when your code doesn't work: prove it's the OS doing it, and to do
that you will have to explain why the same environment works with all
these other apps everywhere else. Now go! Go and earn your salaries.


>
> How does installing and configuring a WObff or NpvirZD suddenly go from
> infrastructure becoming the responsibility of the develops.

When your installation instructions do not work, and suddenly it's up to
us to debug your code.

<snip>

>
> THe next time I hear, Ops is only responsible for the OS, I am going punch the
> fscker.

Ops is only responsible for the OS. We will provide Java for you. We
will not fuck around with it indefinitely because when it comes to the
sort of configurations which Java apps typically demand, it's well
outside our skillset, and we like it that way. Within reason, tell us
what you need done, and we'll do it. We will tell you if your demands^W
requests are not reasonable. We will then negotiate how to achieve your
requirements. No, we will not give you root. Or equivalent access. No,
not even "%devs ALL=(root) /bin/cat".

Love, Ops.

--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | ITS | Hosting | Unix Operations
Ninja Monkeys... Attack!
Message has been deleted

Lawns 'R' Us

unread,
Oct 1, 2012, 6:38:37 AM10/1/12
to
On 2012-10-01, Michel <ab...@rubberchicken.nl> wrote:
> "We want sudo for cp, mv, rm, cat, grep, rsync, vim."
> "And I want a pool with a villa in the garden. I asked what you need
> to *DO* that requires root, not what tools you think you need."

*twitch*

If I had a dollar for every time somebody's asked me to do something
that runs completely counter to $BACKUP_PACKAGE, and I've had to
explain, in gruesome detail, why what they are asking for is not an
option - followed by asking them exactly what it is that they're
trying to achieve from a business perspective - I'd probably be pretty
close to retirement by now.

"Don't tell me how to do my job. Tell me what you need, and I'll tell
you how best to go about it", probably sums it up - and, of course,
that statement immediately gets us all labelled as being Not Team
Players.
Message has been deleted

c...@nospam.netunix.com

unread,
Oct 1, 2012, 7:07:19 AM10/1/12
to
Lawns 'R' Us <nob...@nowhere.example.com> wrote:
>
> "Don't tell me how to do my job. Tell me what you need, and I'll tell
> you how best to go about it", probably sums it up - and, of course,
> that statement immediately gets us all labelled as being Not Team
> Players.

Nah, I'm an excellent team player so long as the team does exactly what I
damn well tell them.
Obedience breeds success, disent in the ranks will not be tolerated.

--
From the quill of Chris Newport g4jci.

Lawns 'R' Us

unread,
Oct 1, 2012, 7:12:30 AM10/1/12
to
On 2012-10-01, Roger Burton West <roger+a...@nospam.firedrake.org> wrote:
> On 2012-10-01, Lawns 'R' Us wrote:
>>"Don't tell me how to do my job. Tell me what you need, and I'll tell
>>you how best to go about it", probably sums it up
>
> Yup. Along with "you're paying me to know all the low-level stuff, so
> why are you trying to do it yourself" (mutated with various degrees of
> politeness depending on the context).

I prefer to not go there, considering that most of those with whom I
interact are not the ones who are paying me. Better to leave such
things unspoken.

>>and, of course,
>>that statement immediately gets us all labelled as being Not Team
>>Players.
>
> Wouldn't you prefer a nice game of chess?

Given a free choice, I'd rather a nice game of Power Grid. Or Ticket
to Ride. Or maybe Dominion. Or if I'm in a cooperative mood, Flash
Point or Pandemic. If I'm in a frivolous mood, Nuns on the Run.

(No prizes for guessing what the current hobby is.)

I haven't played chess in _years_.

And yes, I know the reference.
Message has been deleted
Message has been deleted

Alec

unread,
Oct 1, 2012, 1:06:56 PM10/1/12
to
on 01/10/12 02:24 David Cameron Staples gazed into the seeing stone and said...:
> On 29/09/12 10:37 PM, Alec wrote:
>> What is it with ops guys and Wnin?.

<snip>

I did state that we can provide a list of resources required. If your developers
cannot, then they require re-education.


>>
>> How does installing and configuring a WObff or NpvirZD suddenly go from
>> infrastructure becoming the responsibility of the develops.
>
> When your installation instructions do not work, and suddenly it's up to
> us to debug your code.

I don't think you understand what I saying. We're happy to provide ops with the
resources that our code needs. Through the wonders of science they can even be
verified, within the container. If these things are configured correctly then
it'll be fine.

Not so. Ops should configure the containers according to the fine documentation
that is sometimes known to exist. When this is missing, sure get the developers
involved.

If it's left to the developers to manage, you'll end up running Tomcat without a
security manager and the default shutdown command enabled.

>>
>> The next time I hear, Ops is only responsible for the OS, I am going punch the
>> fscker.
>
> Ops is only responsible for the OS. We will provide Java for you. We
> will not fuck around with it indefinitely because when it comes to the
> sort of configurations which Java apps typically demand, it's well
> outside our skillset, and we like it that way. Within reason, tell us
> what you need done, and we'll do it. We will tell you if your demands^W
> requests are not reasonable. We will then negotiate how to achieve your
> requirements. No, we will not give you root. Or equivalent access. No,
> not even "%devs ALL=(root) /bin/cat".
>
> Love, Ops.
>
Would you mind providing your OADS co-ordinates?


Cipher

unread,
Oct 1, 2012, 6:23:44 PM10/1/12
to
On 10/1/2012 6:38 AM, Lawns 'R' Us wrote:
> "Don't tell me how to do my job. Tell me what you need, and I'll tell
> you how best to go about it", probably sums it up - and, of course,
> that statement immediately gets us all labelled as being Not Team
> Players.

"Tell me what you want, then leave me the hell alone. Do not tell me
*how* to do do it, because you will be wrong." --sign on my office door
$job[-9 or so].


--
The word "urgent" is the moral of the story "The boy who cried wolf". As
a general rule I don't believe it until a manager comes to me almost in
tears. I like to catch them in a cup and drink them later.
-- Matt Holiab, in the Monastery

John F. Eldredge

unread,
Oct 1, 2012, 7:47:16 PM10/1/12
to
On Sun, 30 Sep 2012 15:57:49 -0400, Shmuel (Seymour J.) Metz wrote:

> In <k46q35$ku5$2...@dont-email.me>, on 09/29/2012
> at 02:37 PM, Alec <abick...@invalid.invalid> said:
>
>>What is it with ops guys and Wnin?.
>
> Load shedding.
>
>>How does installing and configuring a WObff or NpvirZD suddenly go from
>>infrastructure becoming the responsibility of the develops.
>
> The developers want it done right?
>
>>THe next time I hear, Ops is only responsible for the OS, I am going
>>punch the fscker.
>
> Hand punch or hydraulic?

Why think small? Use a shaped charge.

--
John F. Eldredge -- jo...@jfeldredge.com
"Reserve your right to think, for even to think wrongly
is better than not to think at all." -- Hypatia of Alexandria

TimC

unread,
Oct 2, 2012, 3:15:20 AM10/2/12
to
On 2012-10-01, Alec (aka Bruce)
was almost, but not quite, entirely unlike tea:
> on 01/10/12 02:24 David Cameron Staples gazed into the seeing stone and said...:
>> On 29/09/12 10:37 PM, Alec wrote:
>>> What is it with ops guys and Wnin?.
>
> <snip>
>
> I did state that we can provide a list of resources required. If your developers
> cannot, then they require re-education.

Are you smart enough to not develop your code on systems that are not
the standard operating environment? Does your list of requirements
only include versions and packages that are actually available on the
target platform? From the correct operating system? Do your
startup/shutdown/monitoring scripts play nicely with the clustered
highly available production environment? When you were testing, did
you test on a provided VM, or only against Very Latest Shiny version
running on smuggled in unsupported system running under your desk?

If so, you *may* be smarter than our users. But we have yet to find
any of those mythical users. One Real Urgent Now project even
provides their dependencies in the form of Qrovna packages, when our
SOE is EURY5 or 6. The project manager for that project has had too
much coffee, and most of the people on this floor (very few of them
ops related), all from very different sections, can be overheard
talking about how this guy is setting himself and some other very high
level guys up for failure Very Soon Now.


Hello, you seem to have stumbled into an ops USENET group
accidentally. Did you bring any single malt for us to enjoy while the
fire is being stoked up and the water coming up to boil?

--
TimC
It's the _target_ that supposed to go "F00F", not the processor.
-- Mike Andrews, on Pentiums in missiles
Message has been deleted
Message has been deleted

David Cameron Staples

unread,
Oct 2, 2012, 7:21:43 AM10/2/12
to
On Mon, 01 Oct 2012 19:06:56 +0200, Alec wrote:

> on 01/10/12 02:24 David Cameron Staples gazed into the seeing stone and
> said...:
>> On 29/09/12 10:37 PM, Alec wrote:
>>> What is it with ops guys and Wnin?.
>
> <snip>
>
> I did state that we can provide a list of resources required.

That makes you unique in my experience.

> If your
> developers cannot, then they require re-education.

What's with the "re-"?

>>> How does installing and configuring a WObff or NpvirZD suddenly go
>>> from infrastructure becoming the responsibility of the develops.
>>
>> When your installation instructions do not work, and suddenly it's up
>> to us to debug your code.
>
> I don't think you understand what I saying. We're happy to provide ops
> with the resources that our code needs. Through the wonders of science
> they can even be verified, within the container. If these things are
> configured correctly then it'll be fine.

The complete, correct and current specs? That would make you unique in my
experience.

>
> Not so. Ops should configure the containers according to the fine
> documentation that is sometimes known to exist. When this is missing,
> sure get the developers involved.

"Exist" != "Useful".

That's when it even exists.

>
> If it's left to the developers to manage, you'll end up running Tomcat
> without a security manager and the default shutdown command enabled.
>

That's why the Security Audit team have cluebats with nails in them.

>>> The next time I hear, Ops is only responsible for the OS, I am going
>>> punch the fscker.
>>
>> Ops is only responsible for the OS. We will provide Java for you. We
>> will not fuck around with it indefinitely because when it comes to the
>> sort of configurations which Java apps typically demand, it's well
>> outside our skillset, and we like it that way. Within reason, tell us
>> what you need done, and we'll do it. We will tell you if your demands^W
>> requests are not reasonable. We will then negotiate how to achieve your
>> requirements. No, we will not give you root. Or equivalent access. No,
>> not even "%devs ALL=(root) /bin/cat".
>>
>> Love, Ops.
>>
> Would you mind providing your OADS co-ordinates?

127.0.0.1

Go nuts.

Wojciech Derechowski

unread,
Oct 2, 2012, 9:50:32 AM10/2/12
to
On 2012-10-02, David Cameron Staples <sta...@unimelb.edu.au.NOSPAM> wrote:
>>
>> If it's left to the developers to manage, you'll end up running Tomcat
>> without a security manager and the default shutdown command enabled.
>>
>
> That's why the Security Audit team have cluebats with nails in them.
>

I often wonder why these don't work except in the extreme firing offense
cases. Anyway, I tried to distribute small rubber brains[0] before they
suprisingly became items of professional pride.

WD
[0] Sorry, no photo available at this time.
--
Who is Entscheidungs and what is his problem?

Message has been deleted

Brian Kantor

unread,
Oct 2, 2012, 12:56:07 PM10/2/12
to
Wojciech Derechowski <wdd...@um5000.mystora.com> wrote:
>Anyway, I tried to distribute small rubber brains[0] before they
>suprisingly became items of professional pride.

I am astonished that Archie McPhee doesn't have any small rubber
brains in their catalog. They do have a "Zombie Brain Gelatin Mold"
which could be used to make some, I suppose. Sigh. I guess I'll
just have to order a few more Martian Popping Things.
- Brian

Message has been deleted

Graham Reed

unread,
Oct 2, 2012, 3:30:21 PM10/2/12
to
ab...@127.0.0.1 writes:
> Their failure to secure sufficient funding to maintain staff
> levels required to keep this circus going does constitute an
> emergency on my part -- in that it prompts me to keep my resume
> up to date and keep an eye out for other unrecovery options.

Been there, done that, starting across the pond in the new year....

--
"...and 8 inches is really not that impressive."
-- Kari Byron, Mythbuster

mrob...@att.net

unread,
Oct 3, 2012, 1:02:37 AM10/3/12
to
Graham Reed <gr...@pobox.com> wrote:
> ab...@127.0.0.1 writes:
>> Their failure to secure sufficient funding to maintain staff
>> levels required to keep this circus going does constitute an
>> emergency on my part -- in that it prompts me to keep my resume
>> up to date and keep an eye out for other unrecovery options.
>
> Been there, done that, starting across the pond in the new year....

The little pond a few km directly south of you, or the big big pond
several hundred km directly east of you?

Or are you counting humidity as a very diffuse pond, and you finally
landed (?) that job on the ISS?

Matt Roberds

Alec

unread,
Oct 3, 2012, 3:47:15 PM10/3/12
to
on 02/10/12 13:21 David Cameron Staples wrote:
> On Mon, 01 Oct 2012 19:06:56 +0200, Alec wrote:
>
>> on 01/10/12 02:24 David Cameron Staples gazed into the seeing stone and
>> said...:
>>> On 29/09/12 10:37 PM, Alec wrote:
>>>> What is it with ops guys and Wnin?.
>>
>> <snip>
>>
>> I did state that we can provide a list of resources required.
>
> That makes you unique in my experience.

Before 'they' put me on the development side of the fence, I was ops. this
provides a bit of inspiration every now and then.

>> If your
>> developers cannot, then they require re-education.
>
> What's with the "re-"?

This is basic stuff. Really? I'm shocked!

>>> When your installation instructions do not work, and suddenly it's up
>>> to us to debug your code.
>>
>> I don't think you understand what I saying. We're happy to provide ops
>> with the resources that our code needs. Through the wonders of science
>> they can even be verified, within the container. If these things are
>> configured correctly then it'll be fine.
>
> The complete, correct and current specs? That would make you unique in my
> experience.

I'm referring to Datasources, Logging, Security contexts etc... These are all
documented to a reasonable extent. Even so far as managing the security keys
used in production.

>> Not so. Ops should configure the containers according to the fine
>> documentation that is sometimes known to exist. When this is missing,
>> sure get the developers involved.
>
> "Exist" != "Useful".
>
> That's when it even exists.

True, WObff 7 is the exception that proves being a crack addict is still *not*
considered a handicap in development. That is why you never let any bleeding
edge software into production, correct?

>> If it's left to the developers to manage, you'll end up running Tomcat
>> without a security manager and the default shutdown command enabled.
>>
>
> That's why the Security Audit team have cluebats with nails in them.

Security audit. You're funny. You have a security team that knows what Gbzpng is?

Joe Zeff

unread,
Oct 3, 2012, 5:44:20 PM10/3/12
to
On Wed, 03 Oct 2012 21:47:15 +0200, Alec wrote:

> That is why you never let any bleeding
> edge software into production, correct?

I use GangsterHat Yvahk and I'm a member of a pbzzhavgl-fhccbeg znvyvat
yvfg for it. I'm constantly amazed when I find out how many of the other
members are using this in a production environment.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
Talk is cheap because the supply
always exceeds the demand.

Graham Reed

unread,
Oct 3, 2012, 4:18:28 PM10/3/12
to
mrob...@att.net writes:
> The little pond a few km directly south of you, or the big big pond
> several hundred km directly east of you?

The big big one to the east. I decided against traversing the one a
couple of km to the south.

--
"If you only do anything once, it's always your personal best."
-- Rick Mercer

David Cameron Staples

unread,
Oct 3, 2012, 8:12:31 PM10/3/12
to
On 4/10/12 5:47 AM, Alec wrote:
> on 02/10/12 13:21 David Cameron Staples wrote:
>> On Mon, 01 Oct 2012 19:06:56 +0200, Alec wrote:
>>
>>> on 01/10/12 02:24 David Cameron Staples gazed into the seeing stone and
>>> said...:
>>>> On 29/09/12 10:37 PM, Alec wrote:
>>>>> What is it with ops guys and Wnin?.
>>>
>>> <snip>
>>>
>>> I did state that we can provide a list of resources required.
>>
>> That makes you unique in my experience.
>
> Before 'they' put me on the development side of the fence, I was ops. this
> provides a bit of inspiration every now and then.
>
>>> If your
>>> developers cannot, then they require re-education.
>>
>> What's with the "re-"?
>
> This is basic stuff. Really? I'm shocked!

If Gigantic Azure vendors can't figure it out, I submit that it's not a
restricted problem.

Frevbhfyl, guvf thl jnf nfxvat sbe n "Qrfxgbc" naq ebbg npprff ba n
Qrnqeng IZ, fb ur pbhyq qbhoyr-pyvpx naq vafgnyy gur 3.5TO gne svyr
pbagnvavat vgf bja fgnaqnybar Wnin vafgnyyngvba, Rpyvcfr naq Jro freire
(V'z cerggl fher Gbzpng), fb gung vg pbhyq snvy gb or noyr gb pbaarpg gb
bhe pbafbyvqngrq qngnonfr.

>
>>>> When your installation instructions do not work, and suddenly it's up
>>>> to us to debug your code.
>>>
>>> I don't think you understand what I saying. We're happy to provide ops
>>> with the resources that our code needs. Through the wonders of science
>>> they can even be verified, within the container. If these things are
>>> configured correctly then it'll be fine.
>>
>> The complete, correct and current specs? That would make you unique in my
>> experience.
>
> I'm referring to Datasources, Logging, Security contexts etc... These are all
> documented to a reasonable extent. Even so far as managing the security keys
> used in production.

What about packages down to the minor revision and architecture, for the
wrong version of the OS? What about demanding very specific kernel
parameters which not only conflict with at least one other required
package, but are not in fact provided by the kernel in use? What about
specifying that such-and-such a group must have ssh access, but
forgetting to specify what addresses should be allowed? What about
knowing that the app requires some ports being open, but forgetting
which ones, can we just make everything world accessible?

What about implementing logging by insisting we install something in
parallel to the syslog which everything else uses. (Or simply writing to
log files in some random location and getting annoyed with us when the
disk fills up because the buggy code is filling up GBs of log files
which syslog is ignorant of, and the app won't have the ability to
rotate them for another couple of versions.

>
>>> Not so. Ops should configure the containers according to the fine
>>> documentation that is sometimes known to exist. When this is missing,
>>> sure get the developers involved.
>>
>> "Exist" != "Useful".
>>
>> That's when it even exists.
>
> True, WObff 7 is the exception that proves being a crack addict is still *not*
> considered a handicap in development. That is why you never let any bleeding
> edge software into production, correct?

You're funny.

>
>>> If it's left to the developers to manage, you'll end up running Tomcat
>>> without a security manager and the default shutdown command enabled.
>>>
>>
>> That's why the Security Audit team have cluebats with nails in them.
>
> Security audit. You're funny. You have a security team that knows what Gbzpng is?
>

*Snort* Of course not. Nor the vendors they brought in who gave us a set
of scripts and a java blob and told us to run it as root.

We, of course, vetted these scripts before doing anything with them (No,
we will not just hand over /etc/shadow. If you want it, come and take
it.), and corrected some of the more crippling fails.

("Did you run our script?"
"Yes."
"As root, like we told you to?"
"Yep."
"Did you email us the tar file with the contents, as we suggested?"
"Yes."
"Did you check the script first?"
"Um..."
"Did you check the contents of the tar file before you sent it to us?"
"Ah..."
"Did you even encrypt the email?"
"Oh..."
"So, to summarise, you ran an unknown script as root without even
looking at it, sent the output to a third party without even looking at
it, and you sent it over the internet in the clear. You have failed this
audit.")

Still, they found some small stuff we'd missed, and corrected. And they
found a lot else in which applying their recommendations would make our
system *less* secure.

--
David Cameron Staples | staples AT unimelb DOT edu DOT au
Melbourne University | ITS | Hosting | Unix Operations
I for one, do not like to damage my precious equipment, especially
when it involves repeatedly hitting it with a computer.
-- Peter Corlett, in the Monastery

ppint. at pplay

unread,
Oct 3, 2012, 8:22:10 PM10/3/12
to
- hi; Roger Burton West enqu[ir,ot]ed:
> Lawns 'R' Us wrote:
>>"Don't tell me how to do my job. Tell me what you need, and I'll tell
>>you how best to go about it", probably sums it up
>[]
>>and, of course, that statement immediately gets us all labelled as being
>>Not Team Players.
>
>Wouldn't you prefer a nice game of chess?

- panjandrum chess?

- love, ppint.

pp.s - and it _could_ be a team game - of sorts...
[drop the "v", and change the "f" to a "g", to email or cc.]
--
"only two groups of people in society actually behave
in a completely logical, self-interested way: one of
these is economists themselves; the other is psychopaths."
- "the trap" - bbc2 18/3/07 [3/18/07 for merkins] 21:55 GMT

mrob...@att.net

unread,
Oct 4, 2012, 12:27:21 AM10/4/12
to
Graham Reed <gr...@pobox.com> wrote:
> mrob...@att.net writes:
>> The little pond a few km directly south of you, or the big big pond
>> several hundred km directly east of you?
>
> The big big one to the east.

That's a hell of a relocation. Also, most of the people I know of that
have crossed the same pond have been going the other direction.

It's quite peculiar in a funny sort of way...

Matt Roberds

Message has been deleted

Wojciech Derechowski

unread,
Oct 4, 2012, 1:52:37 AM10/4/12
to
On 2012-10-04, David Cameron Staples <sta...@unimelb.edu.au.NOSPAM> wrote:
> On 4/10/12 5:47 AM, Alec wrote:
>> on 02/10/12 13:21 David Cameron Staples wrote:
>>> On Mon, 01 Oct 2012 19:06:56 +0200, Alec wrote:
>>>
>>> [...]
>>>
>>>> If it's left to the developers to manage, you'll end up running Tomcat
>>>> without a security manager and the default shutdown command enabled.
>>>>
>>>> [...]
>>>
>>> That's why the Security Audit team have cluebats with nails in them.
>>
>> Security audit. You're funny. You have a security team that knows what
>> Gbzpng is?
>>
>
> *Snort* Of course not. Nor the vendors they brought in who gave us a set
> of scripts and a java blob and told us to run it as root.
>
> [...]
>
> Still, they found some small stuff we'd missed, and corrected. And they
> found a lot else in which applying their recommendations would make our
> system *less* secure.

Security team relying on vendors and asking *you* to run their scripts?
I don't think so. Are you sure you weren't talking to some thinly
disguised sales and marketing weasels? In the end, did they succeed in
feeding you any random cruft?

WD
Message has been deleted
Message has been deleted

Graham Reed

unread,
Oct 4, 2012, 5:10:40 PM10/4/12
to
Gary Barnes <g...@adminspotting.org> writes:
> If I recall correctly, Graham has already made that trip, and this is more
> of a re-relocation. Unrelocation?

Graham has never been to that side of the pond and is still waiting to
be called "completely fucking insane" on the subject.

Though he will acknowledge the "peculiar" part.

--
"You are a winner. But that doesn't mean you aren't a loser."
-- [jealous] co-worker after I won two iPods

mrob...@att.net

unread,
Oct 6, 2012, 3:04:56 PM10/6/12
to
Graham Reed <gr...@pobox.com> wrote:
> Gary Barnes <g...@adminspotting.org> writes:
>> If I recall correctly, Graham has already made that trip, and this is
>> more of a re-relocation. Unrelocation?
>
> Graham has never been to that side of the pond and is still waiting to
> be called "completely fucking insane" on the subject.

Matt was making an attempt in that direction, but perhaps it was too
subtle.

Matt Roberds

Robert Uhl

unread,
Oct 9, 2012, 10:30:15 AM10/9/12
to
David Cameron Staples <sta...@unimelb.edu.au.NOSPAM> writes:
>
> If Gigantic Azure vendors can't figure it out, I submit that it's not a
> restricted problem.

Vs Tvtnagvp Nmher pna'g svther vg bhg, V'z abg fhecevfrq. Vg'f n
pbzcnal jvgu n irel srj irel fzneg crbcyr naq n terng qrny bs punve
jnezref.

--
Love is a snowmobile racing across the tundra and then suddenly it
flips over, pinning you underneath. At night, the ice weasels
come. --Matt Groening

Lawns 'R' Us

unread,
Oct 9, 2012, 7:26:27 PM10/9/12
to
On 2012-10-09, Robert Uhl <eadm...@NOSPAMgmail.com> wrote:
> David Cameron Staples <sta...@unimelb.edu.au.NOSPAM> writes:
>>
>> If Gigantic Azure vendors can't figure it out, I submit that it's not a
>> restricted problem.
>
> Vs Tvtnagvp Nmher pna'g svther vg bhg, V'z abg fhecevfrq. Vg'f n
> pbzcnal jvgu n irel srj irel fzneg crbcyr naq n terng qrny bs punve
> jnezref.

Vaqrrq. Gur crbcyr V jbexrq jvgu (nf va, vzzrqvngr pbyyrnthrf) jrer
cerggl pyhrq va. Ohg gurer jnf n irel fgebat chfu gb zbir jbex gb
Vaqvn, naq zl rkcrevrapr jvgu gur Vaqvna fgnss jnf ... abg fnyhgnel.
Yrg'f whfg fnl gung gur jubyr vqrn bs "lbh arrq gb ybbx ng gur ybtf
naq svther bhg jung'f tbvat ba sebz gur birenyy fvghngvba; gurer ner
ab uneq naq snfg ehyrf" jnf arne vzcbffvoyr sbe gurz gb tenfc.

Qba'g trg zr jebat. V unir jbexrq jvgu fbzr _irel_ pyhrq va Vaqvnaf va
zl gvzr. Gebhoyr vf, vg frrzf gung gurl graq gb zvtengr gb pbhagevrf
(Nhfgenyvn, gur HF, gur HX) jurer gurl pna rnea n ybg zber zbarl guna
onpx ubzr, yrnivat gur yrff-pyhrq (be, eneryl, gur yrff-rkcrevraprq)
onpx va Vaqvn.

Peter Corlett

unread,
Oct 12, 2012, 6:38:19 AM10/12/12
to
Graham Reed <gr...@pobox.com> wrote:
[...]
> Graham has never been to that side of the pond and is still waiting to be
> called "completely fucking insane" on the subject.
> Though he will acknowledge the "peculiar" part.

Are you moving to the UK, or somewhere more civilised?

Graham Reed

unread,
Oct 12, 2012, 3:42:29 PM10/12/12
to
ab...@mooli.org.uk (Peter Corlett) writes:
> Are you moving to the UK, or somewhere more civilised?

Going right to the bottom: London.

Hey, who tricked the sigmonster?

--
"Don't talk. Just drink."
-- Penny
Message has been deleted

Peter Corlett

unread,
Oct 12, 2012, 6:59:04 PM10/12/12
to
Graham Reed <gr...@pobox.com> wrote:
> ab...@mooli.org.uk (Peter Corlett) writes:
>> Are you moving to the UK, or somewhere more civilised?
> Going right to the bottom: London.

The bottom in more ways than one. My greatest condolences. Still, most of the
work's in London[0], which is how come there are so many of us here.

> Hey, who tricked the sigmonster?
> --
> "Don't talk. Just drink."
> -- Penny

You will be pleased to discover that London has a burgeoning Real Ale scene.
Every time I look, a new brewery seems to have opened. Give us a shout when
you're here to get a tour of the good places.


[0] London accounts for about 10% of the population of the UK, and about 40% of
the IT jobs.

Graham Reed

unread,
Oct 15, 2012, 2:36:53 PM10/15/12
to
ab...@mooli.org.uk (Peter Corlett) writes:
> The bottom in more ways than one. My greatest condolences. Still, most of the
> work's in London[0], which is how come there are so many of us here.

Given the job doesn't even exist in this particular ex-colony, I can
empathize with that.

And I'll worry more about proper advice and tours and things once little
insignificant details like actually-getting-there-and-being-allowed-
to-work are sorted out.

--
"I'd be quite in favour of a military takeover of that benighted city,
except that I _like_ the military and wouldn't want to stick them with
it." -- AdB, about Toronto

Ben Coleman

unread,
Oct 17, 2012, 10:19:27 PM10/17/12
to
I keep glancing at the Subject and thinking I'm seeing "Wouff Hong", a
LART well known among the early ham community. Appropriate for this
place, I'm sure, but somewhat unexpected.

Message has been deleted

Hans Klager

unread,
Nov 5, 2012, 11:05:28 PM11/5/12
to
On Mon, 5 Nov 2012 22:35:04 -0500, AdB <ab...@leftmind.net> wrote:
> Graham Reed posted thus:
>>Gary Barnes <g...@adminspotting.org> writes:
>>> If I recall correctly, Graham has already made that trip, and this is more
>>> of a re-relocation. Unrelocation?
>>
>>Graham has never been to that side of the pond and is still waiting to
>>be called "completely fucking insane" on the subject.
>
> You posted that a _month_ ago and the Monastery is so dead nobody's
> posted the obligatory? Ok, you're completely fucking insane. You're
> welcome.

Both sides are fucked. Just fucked in different ways.

Right now, I think the EU vesrion of fucked looks better
long term than the US version of fucked.



--
In Pierre Trudeau, Canada has finally produced a Prime Minister worthy of
assassination. - John Diefenbaker

Maarten Wiltink

unread,
Nov 6, 2012, 3:42:54 AM11/6/12
to
"Hans Klager" <hans....@gmail.com> wrote in message
news:slrnk9h348.cl...@adeed.tele.com...
[...]
> Right now, I think the EU vesrion of fucked looks better
> long term than the US version of fucked.

And just this morning, I was musing how the US are completely
dominant culturally, technologically, and militarily.

It's really quite impressive, considering all the backwards
pressure they put on themselves. Perhaps we old-worlders really
are that lame.

Tebrgwrf,
Maarten Wiltink


Brian Kantor

unread,
Nov 6, 2012, 12:42:28 PM11/6/12
to
Maarten Wiltink <usene...@mfw.dds.nl> wrote:
>It's really quite impressive, considering all the backwards
>pressure they put on themselves.

It's enough to give one a terrible pain in all the diodes down the left side.
- Brian

Wojciech Derechowski

unread,
Nov 7, 2012, 9:17:31 AM11/7/12
to
Maybe some talented young complaints executives from Den norske Nobelkomité
can step in and cheer up everybody once again.

Graham Reed

unread,
Nov 9, 2012, 5:52:34 PM11/9/12
to
ab...@leftmind.net (AdB) writes:
> You posted that a _month_ ago and the Monastery is so dead nobody's
> posted the obligatory? Ok, you're completely fucking insane. You're
> welcome.

A couple of lurkers made fun of me in e-mail.

Naw, I'm kidding, one person wrote me some sensible advice.

> Farewell and congrats on the new unrecovery and all, eh?

I'll still be on the 'net. I'll still have a virtual presence at
151....

Only now I'll have a different reason other than, "you picked the one
weekend in 3 months where I actually have plans" for not being able to
attend an event at Chez AdB.

It's just taking too long to get the paperwork done, the stupid levels
at current unrecovery have broken my idiotmeter.

--
"I thought everyone in [TO] ... jumped off the Bloor Street Viaduct? Or
was your Mom a nonconformist?" -- adb about my mother in the Monastery.
"Well, of course she was. Just because everyone *else's* Mom was jumping
off the Bloor Street Viaduct, should *she*?" -- Jonathan's witty retort.

LP

unread,
Nov 12, 2012, 5:53:38 AM11/12/12
to
On 2012-11-06, AdB <ab...@leftmind.net> wrote:
>
> You posted that a _month_ ago and the Monastery is so dead nobody's
> posted the obligatory?

I misread that as "the Monastery is so dead nobody's posted an obituary"

-Paul
--
http://paulseward.com

ppint. at pplay

unread,
Nov 12, 2012, 8:28:01 AM11/12/12
to
- hi; use...@lpbk.net "LP" confessed [0]:
> AdB <ab...@leftmind.net> wrote:
>> You posted that a _month_ ago and the Monastery is so dead nobody's
>> posted the obligatory?
>
>I misread that as "the Monastery is so dead nobody's posted an obituary"

- "that is not dead, which can eternal lie..."

- love, ppint.
[drop the "v", and change the "f" to a "g", and hope the new,
disimproved, demon/thus/clueless+witless-ww m$ exchange mail
system doesn't hiccup too ridiculously badly, to email or cc.]

[0] - gibbously - or eldritchly?
--
"homeopathic compression: throw away the data and transmit the spaces;
the data to be reconstructed from the spaces by virtue of these having
remembered its shape. the only compression method more effective with
increasing original data density." - yr hmbl srppnt, 1st october 2004
Message has been deleted

Graham Reed

unread,
Nov 15, 2012, 2:44:33 PM11/15/12
to
ab...@leftmind.net (AdB) writes:
> If there's a farewell bash I could consider it. I'm venturing into the
> Dread 416 tonight for a TLUG meeting for the first time in whatever.

That's something to consider. The final stage of the process isn't
going to have a whole lot of notice; it's not going to be much more than
the minimum required to lawfully recover from the current gig.

--
"But it's just not fair!..."
-- John H
0 new messages