What is something good you made/did that got you in trouble?
Posted by BrokenPickle7@reddit | sysadmin | View on Reddit | 343 comments
I'll start.. So I was an "IT Engineer" at a site 45 miles from my home and gas was hella expensive so I found a job with the state government that was 2 miles from my house. Only problem is I start at the bottom, lowest position they had, IT Tech 2. It went up to IT Tech 6 then IT Pro 1, 2, then 3. My skill level was more around the IT Pro 1 or 2. Anyways, this position had a task every Tuesday and Thursday to connect to a remote server, download some PDFs, add up the numbers in the PDFs then verify them against some PDFs we get from another remote server. It took us on average 1 to 2 hours. During my downtime I downloaded VS Code and wrote a C# program that did all the tasks in seconds. My coworkers rejoiced.. My boss not so much. He was PISSED. I broke protocol by downloading VS Code, by writing and using "unsigned" software, by using other government servers for testing my code, etc. I didn't get fired but I quit soon after. There was too much drama in government jobs. It was like working in a high school.
StaticBroom@reddit
We were doing a SQL Server migration that impacted about 100+ smaller applications. All code in our shared code library matched all the code in the prod apps. We were pretty good about that.
The plan was to spend the weekend on Zoom while updating every app with the new SQL connection info, compile, roll out...like good little boys and girls. A couple of us wanted to slowly update code in the weeks leading up, but we got overruled due to other "needs of the business".
Funny thing...all the apps...the folders existed in the same network share. Every one of them. Huh, that's awfully convenient. That Friday morning I put together something quick in C# that would scan each folder for config files, make an immediate copy in the same target folder called .config_BAK, then update every qualifying prod .config file's SQL connection to the new server. Right when we gathered together, as soon as the change window started, I launched the app and had everything updated in production in a couple minutes, also with an original version of the config as a backup just in case.
Just like that, weekend was free and all we had to do was update the configs in our library at our convenience. I created a shareable spreadsheet to mark off which apps in our library were updated and checked back in.
Got yelled at for going outside the rules of rolling out production code.
Shortly after, some teammates offered to buy me drinks that night at the bar.
Remystia@reddit
As a Jr Sys Admin, I rolled out Teams in 2018 to the support desk that I was promoted from while most of the business was still using Skype for Business. IT manager wasn't too happy about me "releasing a tool into the wild".
Roanoketrees@reddit
I hated government work too. There is zero room for creativity and spontaneous work. It's soul crushing.
ie-sudoroot@reddit
I installed ad-blocker on all the company web browsers… we were an advertising agency.
Avasterable@reddit
Is this considered friendly fire?
ie-sudoroot@reddit
Not at all… we were not consumers, we were the dealers.
Model_M_Typist@reddit
I set my background to Bill Slowsky, the slow DSL turtle from the Xfinity commercials, when I worked in a call center for AT&T DSL support.
mbkitmgr@reddit
Legend ..... you tried
Either-Cheesecake-81@reddit
I set up a series of PowerShell scripts that queried the ERP and synced the information in the AD accounts of employees with the information HR had in the ERP. The data in the ERP was inaccurate and mostly missing so it blanked a lot of fields in AD out. Then when people called to complain, I directed them to HR. HR was PISSED, my boss was pissed because I wasn’t more collaborative.
MithrilEcho@reddit
If you truly did that you're one of the worst IT workers I've read lol
"Yeah, let's dump unknown data over data currently being used, and have everything overwritten, without even making the effort to verify if the data is wrong"
"Hey dudes calm down I just deleted a fuckton of data but it was totes someone else's fault that I did that, they should have done their jobs amirite fellow redditeurs"
JustDandy07@reddit
Well, yeah, you probably should have told HR you were doing this and maybe verified that the data you were pulling was accurate.
This is the type of lone wolf stuff that makes people dislike IT.
mrtuna@reddit
The amount of people posting in here completely disregarding Change management is staggering. Then acting like they're doing everyone a favour when they break stuff lol
iama_bad_person@reddit
What? Call every user just in case HR sucks at their job? ERPs should be the source of truth for data in most cases.
XelNika@reddit
OP was aware that the HR ERP data was wrong/incomplete. OP was aware that the AD data was wrong/incomplete. Instead of taking steps to fix the data, he just synced the two data sources.
"HR was aware of the plan," they say, but IMO there is no way their own boss would be pissed at them if they had worked with HR before the sync. It could be as little as giving a warning and agreeing on a go-live date or they could generate a report of all the differences in the two datasets and give it to HR.
hrng@reddit
"Hey HR, is this the best source of truth for employee data or do you have something more accurate?"
iama_bad_person@reddit
Op already said that it was the source of truth and HR was in charge of maintaining it but did a shit job.
JustDandy07@reddit
Or call HR and ask if the fields are good? Take some sample data and compare it to what you have to see if any big changes are going to occur?
MorallyDeplorable@reddit
He makes it sound like he did it without even doing a trial run to see what was going to happen
Either-Cheesecake-81@reddit
I knew the data wasn’t accurate, it was however the accurate fields in the ERP HR was charged with maintaining.
eris-atuin@reddit
ok so you intentionally did it knowing it would fuck over HR, that's nice
OcotilloWells@reddit
I mean is it IT's job to figure out the correct job title, manager, etc?
spin81@reddit
It's not IT's job to knowingly spread incorrect HR information to other systems without permission.
OcotilloWells@reddit
He did say HR was aware. In another post.
Inevitable-Stress523@reddit
Not working with HR up front on their data integrity issues is the real mistake in this whole thing, though one I see integration developers make all the time.
Nemphiz@reddit
So you knew the data wasn't accurate and instead of making data normalization part of the process you said fuck it lol
I'm surprised you kept the job
JustDandy07@reddit
So you intentionally made something worse?
Either-Cheesecake-81@reddit
No, we started with 2 databases of employee data that were neither accurate nor matching. In the end, they matched. I reduced the problem by half.
JustInflation1@reddit
HR did that 😂 but I mean, when do they not?
Millkstake@reddit
It was a bold strategy
koliat@reddit
In theory it’s a nice system though in practice I’d make sure the script only updates the fields from blank to value, not update to blank etc. Also make sure it was correct in the first place
tekvoyant@reddit
Heh heh heh. I mean, you expected this outcome then right? But also that the data would get fixed too because of the enhanced visibility, right?
If not...well I hope you would next time.
Inevitable-Stress523@reddit
The classic IT mentality "I'll just do this and if it's wrong people will complain and if they don't then it wasn't wrong."
CantWeAllGetAlongNF@reddit
I would've diffed the info into a report and told them, then said if they update it you can throw a switch and update.
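The approach suggested in the two comments above (fill blanks only, never overwrite a value with a blank, and hand the differences to the data owner as a report before anything is applied), as an added example that is not from the thread or from any commenter's script. Field names, employee IDs and records are constructed, and in-memory hashtables stand in for the ERP query and the AD accounts.

```powershell
Set-StrictMode -Version Latest

# Fields the sync may touch (assumed names, for illustration only).
$SyncFields = 'Title', 'Department', 'Manager', 'OfficePhone'

function Get-SyncPlan {
    # Compares source (ERP) and target (AD) records and classifies every
    # difference WITHOUT changing anything. The output is the report.
    param(
        [Parameter(Mandatory)] [hashtable] $ErpById,
        [Parameter(Mandatory)] [hashtable] $AdById,
        [string[]] $Fields = $SyncFields
    )
    foreach ($id in ($AdById.Keys | Sort-Object)) {
        if (-not $ErpById.ContainsKey($id)) {
            # Account exists in AD but HR has no record: a finding, not an update.
            [pscustomobject]@{ EmployeeId = $id; Field = '*'; Current = ''; Proposed = ''; Action = 'NoErpRecord' }
            continue
        }
        foreach ($f in $Fields) {
            $cur = ([string]$AdById[$id][$f]).Trim()
            $new = ([string]$ErpById[$id][$f]).Trim()
            if ($cur -eq $new) { continue }

            $action =
                if     ($new -eq '') { 'WouldBlank' }  # source empty, target populated: never apply
                elseif ($cur -eq '') { 'FillBlank' }   # target empty, source populated: safe
                else                 { 'Conflict' }    # both populated, different: owner decides

            [pscustomobject]@{ EmployeeId = $id; Field = $f; Current = $cur; Proposed = $new; Action = $action }
        }
    }
}

function Update-FromPlan {
    # Applies only the safe rows of a plan. Conflicts need an explicit switch,
    # and WouldBlank / NoErpRecord rows are never applied. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Plan,
        [Parameter(Mandatory)] [hashtable] $AdById,
        [switch] $IncludeConflicts
    )
    $allowed = @('FillBlank')
    if ($IncludeConflicts) { $allowed += 'Conflict' }

    $applied = 0
    foreach ($row in $Plan) {
        if ($row.Action -notin $allowed) { continue }
        $what = "{0}: '{1}' -> '{2}'" -f $row.Field, $row.Current, $row.Proposed
        if ($PSCmdlet.ShouldProcess($row.EmployeeId, $what)) {
            # In a real sync this is where the directory write would happen.
            $AdById[$row.EmployeeId][$row.Field] = $row.Proposed
            $applied++
        }
    }
    $applied
}

# --- Constructed sample data -------------------------------------------------
$erp = @{
    'E1001' = @{ Title = 'Accountant'; Department = 'Finance'; Manager = '';      OfficePhone = '' }
    'E1002' = @{ Title = '';           Department = '';        Manager = '';      OfficePhone = '' }
    'E1003' = @{ Title = 'Sr Analyst'; Department = 'Ops';     Manager = 'E1001'; OfficePhone = '555-0103' }
}
$ad = @{
    'E1001' = @{ Title = 'Accountant'; Department = '';    Manager = 'E1003'; OfficePhone = '555-0101' }
    'E1002' = @{ Title = 'Recruiter';  Department = 'HR';  Manager = 'E1001'; OfficePhone = '555-0102' }
    'E1003' = @{ Title = 'Analyst';    Department = 'Ops'; Manager = 'E1001'; OfficePhone = '' }
    'E1004' = @{ Title = 'Contractor'; Department = 'Ops'; Manager = 'E1003'; OfficePhone = '' }
}

# 1. Build the report and show it (this is what goes to the data owner).
$plan = @(Get-SyncPlan -ErpById $erp -AdById $ad)
$plan | Format-Table -AutoSize | Out-Host
$plan | Group-Object Action | Select-Object Name, Count | Format-Table -AutoSize | Out-Host

# 2. Trial run: prints what would change, writes nothing.
$null = Update-FromPlan -Plan $plan -AdById $ad -WhatIf

# 3. Apply only the blank-to-value rows; everything else stays as it was.
$applied = Update-FromPlan -Plan $plan -AdById $ad
Write-Host "Applied $applied change(s); $($plan.Count - $applied) row(s) left for review."
```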
mulquin@reddit
I would have done this as well, but it would have taken at least 2 months for HR to do anything instead of 1 weekend. It's harsh but sometimes people need a kick up the ass to actually get their work done.
CantWeAllGetAlongNF@reddit
That's a bold move cotton
chuckaholic@reddit
Others are not understanding why you did this but I do. You were being expected to maintain accurate data when not being provided accurate data. It was a bold move, but also the only correct one. Did they expect you to do HR's job for them?
Nemphiz@reddit
It's an irresponsible move. It's mind boggling to me that anyone with experience in this field would see this as okay. Jesus Christ lol
OcotilloWells@reddit
He said in another post that HR knew about it.
Nemphiz@reddit
And as the tech lead, he didn't think it would be worth actually addressing the issue instead of letting things get wiped out? I would seriously question your technical ability if this isn't the first thing you would've brought up.
People make mistakes in production, which is why a good company won't fire someone for a mistake. But this? This is straight up laziness and sloppy work.
Either-Cheesecake-81@reddit
Exactly!
DrDuckling951@reddit
Classic HR. Trying to be nice but got yelled at “GET OFF MY LAWN!!”
Mandelvolt@reddit
I'm seeing a lot of responses of people oblivious to regulations regarding production software. OP likely skipped over compliance procedure and connected unauthorized software to production servers. I feel like we all make that mistake at some point, but learning the regulatory environment and producing an approved product is the way to go here. Everything that I build has to have a manager approve the project, proof of testing, two teams sign off on it and a separation between who created the software and who deploys or runs it. So, yeah management gets pissed when people skip this process because IT/SOC/SoX/DISA/STIG audits will absolutely catch this and penalize the company for non compliance. It sucks, but that's life.
BrokenPickle7@reddit (OP)
You’re right for the most part. My original application connected to test folders long before I tried on real but I didn’t get any permission or have anyone else test it. I should have probably just kept quiet and used it on my own lol.
Mandelvolt@reddit
Usually helper scripts running locally in your workstation have much looser compliance requirements, I've bypassed a lot of red tape just running a shell or python script locally then manually transferring input and output files around. I made the same mistake working in a satellite uplink control room, I created a local webserver on my workstation to run an information dashboard to consolidate several other interfaces. Got in trouble because it was scraping data via selenium from a webservice tied to production. I had thought it was abstracted enough and they'd have no way of knowing the difference between normal browser use and scraping. They wrote me up when they saw my browser was refreshing the entire page every 15 minutes to the millisecond 🤣
BrokenPickle7@reddit (OP)
Yeah.. I actually was recently part of writing up a coworker that we had found that had done a similar thing.. he would take info that was input from managers share points, send it to his GitHub then to his personal azure instance on his personal Domain then back to his location lol
Mandelvolt@reddit
Oof that's a whole different animal, putting business data on a personal machine is like a deadly sin in most places.
BrokenPickle7@reddit (OP)
Yeah, fortunately for him it was just numbers that to the untrained eye would be useless.. hell even if a person knew what it was, it’s about useless. But we can’t have him thinking he can do such things.
DOUBLEBARRELASSFUCK@reddit
Yeah, I read over this and thought, "are you actually a sysadmin?" His boss' complaints were all pretty reasonable.
Mandelvolt@reddit
It all really depends on the environment you're working in. Startup life is like the wild west of do whatever works vs the more structured approach of enterprise operations.
DOUBLEBARRELASSFUCK@reddit
We haven't had a startup state government in a long time.
Mandelvolt@reddit
I was thinking this as I wrote my reply 🤣
hrng@reddit
If it's something that compliance would preclude then it's probably an employee education failure more than a failure of the employee. Why didn't they know exactly what they could and couldn't do?
Mandelvolt@reddit
It's usually explicitly laid out in the employee handbook.
hrng@reddit
Or in some random SOP document, or deep in the 48th page of infosec policy, or it's not mentioned because of a technical control that makes employee compliance unnecessary etc. Many ways to skin the cat, and a lot of orgs don't communicate it well. Compliance should own mistakes like that to prevent re-occurrence though.
Mandelvolt@reddit
I think IT's first approach should be education, the punitive route doesn't really make sense if everyone has good intentions, some people just need a little more guidance on what is inherently a complex and abstract subject.
thisdodobird@reddit
At a bank I worked in briefly, I was given the task of checking to see why some credit/debit (for employees) system was acting up.
Accidentally came across some suspicious transactions, flagged it, escalated and 3 people got arrested soon afterwards.
2 weeks later I was tossed into some basement office to twiddle my thumbs. I resigned about 2 months later.
(The treasurer of the bank was later indicted for money laundering or some shit...those 3 ratted him out. He ordered HR to fire me but they stuffed me into the dungeon instead.)
Kamikaze_Wombat@reddit
Should have reported retaliation to the police, so they could find out who did it since they were most likely also involved in the money laundering.
mercurygreen@reddit
I cleaned up some errors in our Active Directory. Apparently this freaked out the senior guy because when they stopped popping up on one of his "audits" he spent HOURS trying to figure out why Active Directory wasn't working.
Yes, rather than actually CHECK that everything was fine, he was using ERRORS to make sure his scripts were running.
OcotilloWells@reddit
This is at the level of storing needed files in recycle bin.
Adam_Currey@reddit
Many years ago I implemented a Group Policy to auto-empty the Outlook recycle bin when users closed Outlook. Senior manager (finance director) was super pissed because "I keep stuff in there I need!" I struggled so hard to remain diplomatic.
blackletum@reddit
I learned the hard way to stop emptying the recycling bin on users' computers.... I have no idea why this is so widespread.
OcotilloWells@reddit
Can't you just restore them from the... Oh wait.
mercurygreen@reddit
"Arent you backing up my desktop?"
cosmicsans@reddit
At least there’s some history as to why it happened on email servers, I read somewhere that some older email servers wouldn’t count the space in your trash folder against your quota, so if you put emails in there you could essentially have unlimited storage.
No idea how that translated to an actual recycling bin though.
mercurygreen@reddit
"I heard once that..."
I work at a college, and the students have their own discord server where they share information. Sometimes some of it is actually accurate. But NONE of it is monitored, so...
TheDunadan29@reddit
I ran into an executive who was storing important emails in her deleted folder. When I asked if we could empty it (she was having storage space issues) she said, "no, I need those emails." 😳
mercurygreen@reddit
Same scenario but their response was "But WHAT IF I need them?"
blackletum@reddit
I had that happen too actually, and the user got mad when she found out that outlook was set to delete things in trash after so long lmao
metalwolf112002@reddit
I don't get these users. I would be very tempted to ask how often they go digging through their own trash at home.
Never? OK, imagine that email you are looking for in the recycle bin is covered in last night's spaghetti. Do you still want it?
randomman87@reddit
Don't worry, those fuckers will learn very soon because MS turns "space saver" or whatever it is on by default after your disk space drops below I think 20% and one of its items of business is emptying the recycle bin
Dabnician@reddit
They just use a c:\temp folder that breaks shit when you delete stuff out of it
Ice_Leprachaun@reddit
This comment may belong to the r/shittysysadmin page, but I turn on storage sense via GPO to delete anything older than 30 days from the recycle bin. That and free up space from OneDrive/sharepoint not opened after 14 days. I don’t touch downloads though. This is scheduled to run 1/month.
11524@reddit
Fack that, I empty the bin first thing even if I'm there to replace a mouse.
Fack you and your simple-minded brain dead storage methods.
jlp_utah@reddit
Nice BOFH move. I approve.
IsilZha@reddit
Or Outlook. lol
50,000 emails in the trash.
"I might need those."
land8844@reddit
I set Outlook on my work laptop to empty the recycle bin upon exit. I don't store shit in there anyway, but it gives me peace of mind that I'm not retarded.
ZeroSkribe@reddit
No, you are
devloz1996@reddit
Wise-Communication93@reddit
And storing important e-mail in Deleted Items.
kloudykat@reddit
I just had an end user that was running low on space, like 1.5gb free on a 256GB ssd c:\ drive.
ran disk clean up and freed up 25GB that was in the recycle bin.
Let's just say I was not as surprised as I thought I would be.
Fantastic_Estate_303@reddit
User downloads folders are another culprit. Zero free disk space, but had spam clicked the download button on some promo or training video download.
Promo.avi - 10.2gb
Promo.avi(1) - 10.2gb
Promo.avi(2) - 10.2gb
Promo.avi(3) - 10.2gb
Promo.avi(4) - 10.2gb
Promo.avi(5) - 10.2gb
Etc.
FML
kloudykat@reddit
have lost count of the time I've clicked into someones download folder and found 8 copies of the file they have downloaded.
a big one we are running into is OneDrive sync filling up the (cheapest option) 256GB C:\ drives. Customer education seems to be the best way there, but its success rate is customer dependent of course.
lpbale0@reddit
That's so kindergarten level... I store my data in an alternate file stream in fake massive gig VHD files that I create with fsutil
flapanther33781@reddit
... attached to emails.
BeYeCursed100Fold@reddit
Emails printed out, scanned, and saved in Word documents stored in the user's Recycle Bin.
frankv1971@reddit
About 25 years ago I had a user that printed every mail and filed them in a filing cabinet. He had hundreds of binders to save the printed mails. Does that count?
IceFire909@reddit
"gotta update my files"
Scans millions of paper documents
noideawhatimdoing444@reddit
Naa I use 4 DDR1 RAM sticks as my drive
tankerkiller125@reddit
That shit stopped real quick when we enabled storage sense. We gave them 6 months of warnings, and a ton of them the week of. (And we made a backup of their recycle bin just beforehand)
Sure enough, storage sense gets enabled, and over the next week 5 employees complained about all their very important files not being in their recycle bin anymore.
We then repeated this process for the trash bin in outlook, and other various applications where it's labeled trash or recycling.
waltwalt@reddit
Haha when I wipe users' deleted files and they tell me they needed those I tell them they shouldn't store them there and open a ticket.
IsilZha@reddit
Reminds me of the story of the guy that started a job where the most senior IT guy had created a custom code based on Javascript/JSON that used versions of a file in Subversion for functions.
Also, this custom language didn't support comments (which no one ever told the guy) and somehow this led to the database getting wiped when he tried to put some code comments in.
mercurygreen@reddit
That's... terrifying.
IsilZha@reddit
I actually found it later, just never edited it in:
https://thedailywtf.com/articles/the-inner-json-effect
Gaze ye and despair.
mercurygreen@reddit
But Tom is a GENUS!
ZeroSkribe@reddit
Do you know what error logs are
mercurygreen@reddit
Me? I've only been doing this since 1983 when it was on mainframes. HIM? It was his second job after college, hired by the new CIO as his golden child (and minion/lackey/lapdog).
ZeroSkribe@reddit
ok well error logs can be used in different ways and that is one
horus-heresy@reddit
that kind of activity by you tho is a termination worthy offense since changes to AD must be done with Change controls or by third party that is allowed if you're using some Identity governance tool doing changes on your behalf with guardrails and tracing of events
hrng@reddit
Good work projecting your company's unique workflow on some random comment with zero context
horus-heresy@reddit
Cleanup for one person is a series of destructive actions for other. AD is a force to be treated very carefully. There’s not much context needed
mercurygreen@reddit
Apparently the difference between "Changing AD" and "cleaning up records" did need context...
horus-heresy@reddit
Changing, fixing, cleaning is all the modification activity that in most places requires change controls
mercurygreen@reddit
Uh huh. You might want to spend more time in ticketing, and less on meetings.
horus-heresy@reddit
Change controls don’t require meetings, you just document what will be done and schedule it to happen at specific time so that it is traced
YummyBearHemorrhoids@reddit
Bold of you to assume a company that is utilizing error messages as status checkers gives a shit about things like Change Controls.
mercurygreen@reddit
Oh, this wasn't the COMPANY, and they weren't changes. Not every fix means change control - some of them are "This record is incorrect. Let's delete it and recreate it correctly."
Before anyone starts about "OH IT HAS A UID THAT'S DIFFERENT AND..." the bozo wasn't using the UID or even anything ABOUT the record (which was a contact for a company we dealt with) it was the fact there was ANY ERROR BEING GENERATED. As in he KNEW THERE WAS A PROBLEM AND RATHER THAN ACTUALLY FIX IT, he decided THAT was something he could use!
posixUncompliant@reddit
I worked for a place that sent three alerts every 15 minutes that process wasn't sleeping. That was the good state.
Two days after I took over all the monitoring services, that was gone. It would've been faster, but approving the change had a built in delay so management could review stuff (read so that certain managers couldn't pull a fast one on each other with change approvals).
I'd written the monitor that reports if the process was hung, suspended, sleeping, or otherwise not functioning properly oh, 9 months before. That monitor worked, and had even been triggered once by a real event (one not noticed by the not sleeping monitor).
mercurygreen@reddit
I didn't CHANGE anything. I fixed some contacts that had been migrated incorrectly from 2003 (seriously).
Otherwise_Time3371@reddit
Found the senior guy
Remarkable-Cut-981@reddit
Senior Junior Intermediate Principal
It's all just a title bro
Don't mean shit
horus-heresy@reddit
Ok well are you a staff engineer? Because seems like you might not know what you don’t know
Jazzlike-Love-9882@reddit
Wait, I am now struggling to assess whether you’re being sarcastic or not 😂
horus-heresy@reddit
I'm not sure myself, someone that doesn't understand correlation between titles and salary might not know a lot to begin with hence my mention of staff IC level. It might be that part of Mount Stupid of Dunning-Kruger curve where someone thinks that Associate level can have 250k salary over principal making 90k because titles don't matter bro, iz about how you negotiate huh
posixUncompliant@reddit
Associate what and Principal what?
The Associate Architect probably makes a fair amount more than the Principal Support Technician. (yes, I've run across both). Titles are always stupid dick measuring for check box obsessives, or hr execs (but I repeat myself).
I can't tell if your title includes BCP responsibility, or just single site resiliency. I'd assume that you have design approval authority, but can be overridden by an architect.
Assuming you're good at your job, if you have to deal with anyone on my side of the world, I'm kinda sorry. Normal rules break our stuff, and we're abusive to anyone's resources. Though usually it's the security guys who really get their panties twisted dealing with us.
horus-heresy@reddit
We have 2 flavors of architects, Enterprise Architects and Infosec Architects that work together to address the gaps. Principal Support technician is not a thing, those will not go anywhere beyond associate in our structure.
Associate - lowest level.
Sr Associate - L3 SME tier of knowledge.
Lead Associate - usually work within their silo with product owner to enhance products they manage.
Advisor - IC work with product owner, high impact contributions, knowledge of business impact of tech capabilities enhanced.
Principal - exceptional contributions on the org level across multiple products and silos.
Distinguished - only a handful of folks we got maybe a dozen that have ear of SVPs on strategy and direction.
I am on both architecture review board to represent our products and voice any concerns and also of course all sides of blameless reviews and sending suggestions to architects based on any relevant SLA related incidents. The worst I deal with is business side developers
posixUncompliant@reddit
The Principal Support Tech was a title at the most dysfunctional org I've ever had the displeasure of attending a meeting at. I still wonder what their job actually was.
So, I work in research computing (supercomputers). I consider myself a storage guy, and as I am technical, not sales, and not a straight developer, in my world that means I'm support. If I'm working on issue with your org, I expect to need to talk about the storage systems (which are both arrays and servers), the storage network, the compute nodes, and possibly security. How many people are in the room? Will they be the same people when I'm out again in a couple years because you migrated to our competition and now need help coming back to us?
I can, and do, build our appliances, install them, and depending on how busy I am, I take customer calls ranging from part replacements to truly novel issues. I'm the guy who does the new stuff first, the visible stuff, and especially the high stakes stuff. I am responsible also for our internal test and validation architecture. That's been true even before I moved into research. What level am I in your org?
Do you mean business development, or some flavor of programmer on the business side? The first have either been the best people in the org to know, or the worst type of marketing idiot to slime their way into a suit. The second have always been very odd.
Remarkable-Cut-981@reddit
If you are fixated on titles you have an ego issue
Also titles vary from company to company, as well as from team to team making them meaningless and worthless
You could be called a junior engineer in one company
And be paid more than someone who is titled a senior engineer in one company
And vice versa
It's all about salary and of course the learning opportunities.
Titles don't matter
Stop hanging onto them
Vuiz@reddit
Titles mean a metric ton if you are in a hierarchical organization.
Remarkable-Cut-981@reddit
Yeah, but by title one senior engineer in one team could mean something else in another team
Meaning pay grade as well as the complexity as well as the responsibility of the role
Making it useless again even in a hierarchical organization
horus-heresy@reddit
Then the company structure is whack, we have same 8 levels for tech and non tech folks across any Business Unit before you transition to people management track which spans from manager to SVP. Our pay bands are also same for Principal tier in one org vs the other internally. This helps with internal mobility when let's say platform folks want to explore infosec org and risk\auditing. You need to have easily understandable structure when you got 10k-50k people
posixUncompliant@reddit
If you don't have room for weird little teams where nothing works the same way as the rest of the org, then you're more rigid than any government org I've worked with, or education, or finance.
Personally, I can't stand most big orgs and their silo nonsense. At the point where you can't do design, build and troubleshooting in the same role, you lose the ability to actually understand the system you're supporting.
horus-heresy@reddit
No that's when you actually collaborate with folks as a product owner with architects, devops, infosec architects and so on. Silos can be bad, but also they are required element of very large orgs. there's no way around having one person wearing so many hats and be able to actually do anything productive
posixUncompliant@reddit
It's not the amount of hats that's the issue. (and design, build and troubleshoot seem to be one hat to me, you can't do any of them worth a hill of beans without being able to do all of them)
It's that instead of having individuals with responsibility for an end to end system that fits within the modular framework, you have individuals responsible for bit parts, and no one can actually do anything, or see anything.
No silo system is actually effective. It's just easily measured. But you give it any kind of complex problem that's outside of the rules understood by the people who put it together, and it fails to adjust.
I've worked for and with very successful large orgs who managed quite well to keep organized by system trees instead of skillsets. They've always been more flexible, responsive, and effective than the places that group people into skillsets, and seem to think that it's better for someone to troubleshoot the web portal one day, and the head node of the research cluster the next. Sure, they're both linux systems, but they generally do not have the same type of issues.
Hierarchies aren't bad, and can be quite effective, if done correctly. But when the hierarchy triumphs over functional effectiveness, then you've failed.
Narrow focus on easily measurable processes is what machines are for.
posixUncompliant@reddit
Not in another team, but in another hierarchy.
I've had some of the dumbest titles. The difference between Systems Infrastructure Engineer and Infrastructure Systems Engineer was about 5 years and $40k. Oddly the better paying one was several steps further from the top technical role, but also much further from the basic technical role. Also oddly, both of them were essentially storage positions.
horus-heresy@reddit
I feel like my title triggered you and that's fine, but they mean a lot regardless of your rambling. level of calls you attend and agency you have over work you choose to do yourself (individual contributor\staff track with advisor\principal\distinguished titles) over tasks you get assigned by management (associate\sr associate\lead). Even in tiny companies with 700 employees and 5-10 tech folks on staff titles can distinguish who you are working and dealing with. No need to get so worked up. CTO at startup might be dumbfuck with less knowledge than our sr associate, in that regard yeah titles don't matter, but L7 at amazon, google, microsoft, cap one will be very comparable with clear expectations of you and your understanding of what to expect from the role
Remarkable-Cut-981@reddit
I'm not insecure bro
I just gave my opinion
But you take it for what it is
Creative-Dust5701@reddit
On this concept for testing you want to insert deliberate errors so that you know that the test script catches and alerts on errors. Of course you also want to trap error codes on exit so you know the script exited normally or abnormally
technos@reddit
I kind of understand this though.. During a break in my IT life, I worked for a transportation company, and I used to run about a dozen automated reports every night. On a good night half of them produced nothing.
And then the reporting system broke for a week. I didn't know, I was still getting my empty emails. My first clue was my great-grand boss calling up from three states away to ask why I was fucking him in the ass holding things up with Mexico and if it was intentional or incompetent.
It didn't turn into a big thing for me (not my fault, after all) but IT got positively reamed. One of my friends over there said she'd been screamed at by fourteen people that could fire her in a single day.
Still, to catch things in the future, all my reports were changed. Now they'd do whatever they were designed to do and then they'd tell me if someone with my driver's license and license plate had tendered a container of depleted uranium tank rounds for the US Army.
That particular query hit all of our databases. Driver, truck, chassis, container, hazmat and sensitive.
Now I had emails that always had at least one line of data so long as the reporting system worked.
A year later I got emails without it. Oh, there were phone calls, where everyone swore shit was good, but my manual reports were different, so I kept talking to people.
And that's how the second outage during my time there was caught.
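The canary-row check described in the comments above, as an added example that is not from any commenter: a report that always carries one synthetic record per source database can be told apart from a report that never ran. The CSV layout, the `CANARY-0001` id, the status names and the sample reports are constructed assumptions.

```python
"""Classify a nightly report by its canary rows (constructed data, hypothetical names)."""
import csv
import io

# Assumption: one synthetic record with this id is planted in every source
# database, so a healthy report contains it once per source.
CANARY_ID = "CANARY-0001"
EXPECTED_SOURCES = frozenset(
    {"driver", "truck", "chassis", "container", "hazmat", "sensitive"}
)


def classify_report(body, exit_code=0):
    """Return (status, detail) for one report run.

    body      -- report text as CSV with columns source,record_id,detail
    exit_code -- exit status of the job that produced the report
    """
    # Trap abnormal exits first: output from a failed job is not trustworthy.
    if exit_code != 0:
        return "JOB_FAILED", f"exit code {exit_code}"

    rows = list(csv.DictReader(io.StringIO(body)))
    seen = {r.get("source") for r in rows if r.get("record_id") == CANARY_ID}
    missing = sorted(EXPECTED_SOURCES - seen)

    # No canary at all: an empty report here means "did not run",
    # not "nothing to report".
    if len(missing) == len(EXPECTED_SOURCES):
        return "NO_CANARY", "report pipeline produced no canary rows"

    # Canary present for some sources only: one backend is not being queried.
    if missing:
        return "SOURCE_MISSING", ", ".join(missing)

    findings = [r for r in rows if r.get("record_id") != CANARY_ID]
    return "OK", f"{len(findings)} real finding(s)"


# --- constructed sample reports ---
HEADER = "source,record_id,detail\n"


def _canary_rows(sources):
    return "".join(
        f"{s},{CANARY_ID},synthetic test record\n" for s in sorted(sources)
    )


QUIET_NIGHT = HEADER + _canary_rows(EXPECTED_SOURCES)
BUSY_NIGHT = QUIET_NIGHT + "container,MSKU1234567,hold flag set\n"
BROKEN_PIPELINE = ""  # the "empty email" case
HAZMAT_DB_DOWN = HEADER + _canary_rows(EXPECTED_SOURCES - {"hazmat"})

if __name__ == "__main__":
    samples = {
        "quiet night": (QUIET_NIGHT, 0),
        "busy night": (BUSY_NIGHT, 0),
        "broken pipeline": (BROKEN_PIPELINE, 0),
        "hazmat db down": (HAZMAT_DB_DOWN, 0),
        "job crashed": (QUIET_NIGHT, 2),
    }
    for name, (body, code) in samples.items():
        print(name, "->", classify_report(body, code))
```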
mercurygreen@reddit
And that's a DELIBERATE test against data.
metalwolf112002@reddit
It's not good practice, but somewhat understandable. On my home servers, I have a backup job that runs weekly. I have it configured to email the log from that run to my automation inbox. I'm used to seeing that email be nothing but "backup started ... backup complete X:XXam" since I don't make changes on that server as often as I used to.
mercurygreen@reddit
I understand THAT. There's a difference between an error and "Why am I not getting the "Completed Successfully?" condition that shows it ran at all.
THIS... wasn't that.
manofsticks@reddit
I'm a dev, but had something similar; a program in our codebase needed to email the user at the end of the job. The dev who wrote it did this by crashing the program at the end, and then overriding the job scheduler "crash alert" email to just be the notification email.
I discovered this when we expanded our on-call process and I started receiving automatic on-call alerts with totally normal messages about jobs completing successfully. When I put in a bug fix to change that, the project manager rejected the ticket and said it was "deliberately done that way".
vlaircoyant@reddit
This is the level of genius one associates with end users. At least usually.
mercurygreen@reddit
Sometimes the difference between end users and professionals is only their level of access.
jamesaepp@reddit
I'm kinda curious as to what the errors were that you fixed. Were they security problems on accounts? Could have been honeypots.
mercurygreen@reddit
They were not. The company had started on Exchange 2003, and migrated to 2008, then 2016. Some of the original contacts for outside businesses had come through as actual full users (with login privileges) - sort of. So, it was a security issue even though no one had credentials for them. The accounts were missing some things Exchange requires as real accounts, and would cause errors if you accessed them through the correct consoles/commands.
One of the "attendance" reports he was running to see who had come to work daily (seriously, can managers stop trying to use that as a metric!) used the errors as checking his report finished "correctly". (Narrator: His report was proven to not run correctly.)
MoonToast101@reddit
Sounds like the keyboard heating feature
mercurygreen@reddit
I follow XKCD and have read all the archives multiple times.
Somehow, my brain blocked this one out, but I'm going to send it out with our next update.
grouchy-woodcock@reddit
I did something similar. I was asked to undo it.
spin81@reddit
No, we have monitoring at home.
Monitoring at home:
banannie70@reddit
I think I worked with that guy 🤨
MairusuPawa@reddit
There's a reason he was pissed yes
https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
tyrantdragon000@reddit
I'm reading there are vulnerable VS Code extensions. How is this different than upgrading from Windows 10 to 11, because you can run malware on all of them.
MairusuPawa@reddit
To note: some VS Code malware specifically targeted vulnerability researchers.
malikto44@reddit
Don't laugh. An NTP pool.
At a previous job, I had a pool of a few machines to ensure the UNIX side was good for NTP, even if the Internet connections went down. The pool had a CDMA/GPS card to ensure that the clock sync was correct.
All went okay until the upstream NTP server for the Windows side failed, causing AD to not authenticate and requiring the Windows machines to all need reboots. The UNIX side (Solaris, Linux, etc.) all worked without issue.
Next day, Windows side was up, and management started demanding an RCA... from the UNIX admins. Yes, I had to give a root cause analysis of why the UNIX side stayed up while the Windows side didn't, and present it.
Management wasn't convinced, so they hired an outside auditing team to go through every UNIX workstation, server, network box, and hit everything with full credentialed scans. The manager doing this kept saying that if a mastercrafted OS like Windows went down, then why did a "patchwork quilt of hacks and kludges" (indicating Solaris and Linux) remain up.
After a huge amount of money spent, the auditors came up with pretty much the same thing I had -- the UNIX machines had their clocks synced up, while the Windows machines fetched time from outside the company.
lurker_lurks@reddit
O_o
You say so Boss. Lol.
malikto44@reddit
I should have had a "/s" in there.
lurker_lurks@reddit
Same. I was replying to your ex-manager.
Mammoth-Variation-76@reddit
"Windows" and "Mastercrafted" don't belong in the same website, nevermind sentence.
malikto44@reddit
Thanks. I edited the post, as those were not my words.
Remember... the guy who used those words spent a ton of company money just to have an auditor explain to him how NTP worked.
MajorAd8794@reddit
Let’s go back to high school. I figured out how to use “net send” command in windows. We had a Cisco program and we all knew how to use ipconfig to get IP addresses. Well, all the library PCs were on a domain and win2k. Once I showed them you could pop up messages on any computer if you knew the IP address… it became a problem. It got kinda bad. During the morning announcements “anyone caught using net send on the school computers will be suspended” which was a proud moment for me and my friend circle who originated it.
The most hilarious part, thinking back, is that our administrator was a moron. All of the computers were on a domain (I think) and logged in with no password and at least local admin rights. So instead of fixing the flaw in the computer system (because he couldn’t) we were threatened with suspension LOL! He is the same administrator that left the root password to the Solaris computer lab on a 3x5 note card taped to the side of the server. I got in trouble in that classroom multiple times. Even when doing school work! Apparently saving your documents to your geocities ftp server was not the approved way to save your homework hahaha
aes_gcm@reddit
If your network is so insecure and shitty that it can be easily defeated by a bunch of high schoolers, probably time to rethink the approach.
MajorAd8794@reddit
We had just rounded y2k at this point, the world was just realizing it needed a game plan with this whole computer thing.
aes_gcm@reddit
The Crowdstrike incident was what everyone thought Y2K was going to be, even though in reality Y2K was pretty much nothing.
Schrojo18@reddit
Y2K was minimal because people were prepared.
caelumtech@reddit
enabled data-deduplication.
jackoftradesnh@reddit
Where you fucked up was telling them, and not pretending you are working.
traydee09@reddit
Patching servers that had been running Server 2016 RTM code for 4 years.. "wait you did what? we want up-time, not patches, what if you broke something"
Suggesting and then proving that the guest Wifi network was actually just straight on the corp network, and not a secure separate network as believed. "no it's a separate secure network, you're dumb" then why can I ping our domain controllers and file servers from the guest wifi network?
Suggesting that (running a custom self written (in house) RADIUS server that ran on ONE server, when the guy who wrote it was fired 8 years ago, and there was no way to move it to another server, for wifi authentication) was a bad idea (and suggested a fix), and then proven correct when that server crashed. "man, you should have told us this earlier so we could fix it. you should have came up with a solution sooner. you maybe aren't qualified for this role if you can't keep our systems up" also them "get approval for everything before doing it, and it better not cost any money, including your time"
Character-Guest-2804@reddit
To be fair, I recently discovered our "separate secure network" for guest wifi was able to ping the main network. Turned out to be a default rule in WatchGuard firewalls. All other traffic was dropped.
traydee09@reddit
I kept it simple, but wifi "guests" are also getting DHCP from an "internal" server, and none of our "internal" traffic goes through a firewall, so there's nothing to block the inter-vlan traffic. So it wasn't just a simple oversight.
Any_Particular_Day@reddit
Working T2 support for a medical transcription company, some 3000 transcriptionists working at home typing up recorded medical reports. Anyone who’s been around transcription knows they live with their word expanders. So instead of typing “35 year-old female” into reports a million times, they’d enter “35yf” and it would fill the rest in. Some of the transcriptionists who’ve been at this a while would have tens of thousands of entries.
Well, developers made a change and everyone on a large account (several hundred transcriptionists) got a new word expander, with zero entries, and the old software couldn’t read the old word expander file. Developers said it was impossible to convert, so everyone would have to start from the beginning again. But it’s just a text file at heart, so I got a copy of someone’s old word expander file and dug in. I’m not much of a programmer, and I had no real tools, but I applied the old mainframe processes I’d use, but in Word VBA. It COBOL - Read old file line by line, reformat, save to new file. Tested it with this one person and she was ecstatic that she could work. I added a few niceties to the Word doc that ran the script and gave to my team. Also sent a copy to the dev team, cc’d my boss, with the explanation what it did and how it worked.
Next day, I got called into boss's office before I could sign in and chewed out for doing this. It wasn’t my place to take this on. The dev said it couldn’t be done, so that was it. And I was told not to use it and the team had been told the same. I go sit at my desk, sign in and check email and right at the freaking top is the dev who said “can’t be done” telling people “here’s what I did” and getting kudos all around. I looked at “his” work… It was totally my VBA and all he’d done was put his name at the top of the document, left all my notations but just took my name out.
HoustonBOFH@reddit
That is copyright fraud. When you sent it to others, that is arguably publishing it. Could have made a LOT of people very nervous.
Any_Particular_Day@reddit
That’s an interesting theory, but how did giving something I wrote on company time, to aid employees at the company, given to members of my team at that same company, constitute a copyright fraud worthy of getting chewed out? And how was it okay that the dev took my work and passed it off as their own? Just curious to hear the reasoning behind that because the same could be said for the thousands of scripts that get passed around.
HoustonBOFH@reddit
You misunderstood... What he did was copyright fraud. He took your published work and claimed it as his own. That, combined with the retaliation can make HR and Legal come down on them like a ton of bricks. Because they would be breaking the law just to steal credit... Not even for money.
Any_Particular_Day@reddit
Ah, gotcha. Probably could use some clause that since it was made with company resources on company time it belonged to the company. I was mad at the time, but parent company sold the division to a smaller competitor, it all went to shit so I left and moved cross country, and barely six months later the whole business abruptly closed.
HoustonBOFH@reddit
Copyright covers two things, financial and attribution. They would have financial claim, but still can not steal attribution. That is why Legal would give them hell.
stevehammrr@reddit
I was a freshly hired security intern and while I was getting my bearings I was reading over documentation and reports I found on our shared drive.
I found the internal vulnerability scan reports for each quarter and they were shockingly clean and small for such a large internal environment. I compared them to the Visio diagrams of our internal network and they didn’t add up.
I had discovered that our outsourced IT company wasn’t doing the quarterly vulnerability scans of our internal environment like they were supposed to be doing in our contract. They were just scanning the same /24 every quarter while in reality they were supposed to be scanning around 50 /24s. This was great for them because in their contract they only had to fix or patch systems that showed up in the vulnerability scan.
I asked our team lead and he had no idea why that was, he escalated up to our director, who asked the outsourcing team, who escalated it up to a bunch of other people. It ended up getting to Internal Audit who threw a fit because they had basically been led to believe we had had clean internal vulnerability scans for years at this point.
Long story short, when they fixed the scan scope and re-ran it the network was full of massive vulnerabilities. Like, MS08-067 on hundreds of systems level of bad. (This was ~2011).
My director asked for a meeting with me and told me not to go “digging” anymore because I just caused a “massive headache” for him and his boss. Then he removed my access to the shared drive and told me I was only allowed to do software approval tickets until he told me otherwise. He ended up getting canned a couple months later when internal audit found out he had backdated a few firewall configs to make it look like they had been in place prior to an audit.
Sucks to suck, dude!
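The cross-check described in the comment above (scan reports versus the network diagram), as an added example that is not the commenter's code: compare the subnets that should be in scope with the hosts that actually appear in each quarterly report. The address ranges, host lists and function names are constructed assumptions; real input would be parsed from the scanner's export.

```python
"""Scan-scope coverage check: did each report touch every subnet in scope?"""
import ipaddress


def scope_coverage(expected_subnets, scanned_hosts):
    """Map scanned host IPs onto the expected subnets and report the gaps."""
    nets = sorted(ipaddress.ip_network(s) for s in expected_subnets)
    hits = {net: 0 for net in nets}
    out_of_scope = []
    for host in scanned_hosts:
        addr = ipaddress.ip_address(host)
        owner = next((net for net in nets if addr in net), None)
        if owner is None:
            out_of_scope.append(host)  # scanned, but not on the diagram
        else:
            hits[owner] += 1
    return {
        "expected": len(nets),
        "covered": sum(1 for count in hits.values() if count),
        "scanned": [str(n) for n in nets if hits[n]],
        "unscanned": [str(n) for n in nets if not hits[n]],
        "out_of_scope": out_of_scope,
    }


def repeated_partial_scope(expected_subnets, reports):
    """Return the subnets if every report hit the same incomplete set, else None.

    reports -- {label: [host IPs seen in that report]}
    A recurring, identical, incomplete scope is a misconfigured target list
    rather than a one-off missed scan.
    """
    seen = {
        tuple(scope_coverage(expected_subnets, hosts)["scanned"])
        for hosts in reports.values()
    }
    if len(seen) == 1:
        only = next(iter(seen))
        if len(only) < len(set(expected_subnets)):
            return list(only)
    return None


# --- constructed sample data: 50 /24s in scope, reports only ever touch one ---
EXPECTED = [f"10.20.{i}.0/24" for i in range(50)]
REPORTS = {
    "Q1": ["10.20.0.5", "10.20.0.17"],
    "Q2": ["10.20.0.5", "10.20.0.17", "10.20.0.40"],
    "Q3": ["10.20.0.5", "192.168.9.9"],
}

if __name__ == "__main__":
    for quarter, hosts in REPORTS.items():
        cov = scope_coverage(EXPECTED, hosts)
        print(f"{quarter}: {cov['covered']}/{cov['expected']} subnets scanned, "
              f"{len(cov['unscanned'])} never touched, "
              f"out of scope: {cov['out_of_scope']}")
    print("same partial scope every quarter:",
          repeated_partial_scope(EXPECTED, REPORTS))
```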
shadowtheimpure@reddit
It's unfortunate that the incompetent tend to 'fail upwards' instead of being culled from the organization like they should be.
Few-Post4032@reddit
The Peter Principle
mdj1359@reddit
How is the director getting fired failing upward?
shadowtheimpure@reddit
The fact that the raging incompetent made it to director before someone finally shit-canned him.
TostiBanaanPindakaas@reddit
Yeah 2011 they didn't care that much about vulnerabilities it seems. Nowadays that's a big no no. It was a big no no in 2011 as well but probably not for managers hehe.
_bani_@reddit
I hope you reported this to the CEO. They might not like that their director is concealing critical information from them.
ArthurStevensNZ@reddit
I bet this "director" was somehow involved with the outsourced guys. Seen it a million times.
Geminii27@reddit
Did you report the director to Internal Audit?
flummox1234@reddit
Classic ouroboros move! Nice!
BrilliantEffective21@reddit
bitch asked to add a random MAC address.
I asked where the MAC came from.
no security reference, I denied it.
their team screamed to every person in the IT team, and I got asked to provide a reason for denial.
opposite end of the spectrum, where I should be asking where the FUCK the MAC address came from.
org that I worked for at the time, had shit security.
fucken bastards.
Tzctredd@reddit
Oh, easy.
A client ran out of licences for a piece of software, there was no senior person to sign off the issuing of a new one and the client was desperate so I used my own initiative to request an extension, I judged that it was better to keep the client happy.
When the bosses were back I got such a bad reprimand that I resigned on the spot, to the general astonishment of everybody (I was part of a team of senior engineers that were delivering the biggest IT project ever seen in my geographical region at that point).
I slammed the door on my way out: we often had these problems because the bosses were disorganised and our reputation was suffering.
A few hours later the boss called to apologise, I accepted the apology and a few weeks later I got a pay rise.
It transpired that my big boss' bosses were not impressed with the situation and he got a bollocking as bad or worse than the one I got. He didn't resign.
I resigned again a few months later for unrelated personal reasons, it felt good. 😁
retrogamer-999@reddit
I used to work in Voice. My team of 6 managed about 300 PBXs ranging from 100 users all the way up to 2000.
One particular PBX was using STUN and the stun servers fell over and stopped responding. The service provider took 2 days to get the issue resolved.
The only solution was to change the stun servers. Smaller customers it was ok but when I done the 2000 seat one and got them back online within an hour of finding out what the issue was. Immediate staff on the ground were happy singing my praises as it was a particularly busy day in the call center. But the directors at both my company and at the customer's gave me a right telling off.
I didn't follow change control.
Since then, No change control = no changes, no ticket = no support.
40kmoose@reddit
Stepped into an IT director position for a company with no formal IT and an MSP doing on call service and server maintenance. First day on site, I did not have my own personal login so I was told to use the shared meeting room account to surf the web and fill out some forms. I had way too much time those first few days as I was waiting on the MSP to make my user and admin accounts. While on the public, low level, shared account, I figured I would do some digging and see where the company was at from a security and organizational standpoint. I started looking through all the unsecured share drives to see what was available. Mind you I was already signed and paperworked so I was allowed to have access to everything.
I was completely shocked to see a .text file labeled "Admin Account"
In plain text was the user name and password. Of course I immediately used it to sign into windows.
What did this account have access to you may ask?
AD, domain, shares, VM, the works. I signed into AD, made my own accounts and then continued to poke around. I asked around and apparently some VERY non IT employees were using the account to download programs add new workstations to the domain etc. It was blowing my mind coming from a much more formal IT environment.
So I changed the password and figured "Let's see what breaks" Apparently the entire domain. This was the domain trust account with FULL domain god rights.
The next day I came into work and everyone was complaining about not being able to log in and access folders from other sites etc.
This prompted several talks with CFO, CEO, MSP calling me a wild cowboy etc etc. I had choice words on the matter. I lasted a year before I switched to a different company for twice the pay and 3x less headache.
CantankerousBusBoy@reddit
Well this story is insane, but you don't look great either.
You should not have tried logging in with the account, and resetting this password without consulting with anyone else is no bueno.
You should definitely not be doing this on your first day of work...
40kmoose@reddit
Lessons learned but if changing the password on an admin account stored in plain text open to anyone in the company broke the entire network, I have no qualms with that. If anything when I did ask about the account it was described as a super user if anything. The entire IT for that company was a nightmare and I have wayyy too many stories from that place.
c0rt3x1ph4n@reddit
About a year ago, the CEO's office was to be renewed, so they were about to throw away 2x 98" plasma. Since they were 5 years old, and had been used like 50 times tops!
Two other departments at our factory were in deep need of two larger screens, but the company did not want to buy them.
So, I re-used them wisely! Everything was fine and cool_beans.jpg until a figlet dipped his nose in the cookie jar and snitched... This person wanted the monitors for his department I later found out. But this ended with several people higher up in command yelling "theft from company" (weird since the screens were still onPrem).
But the story ends with me being a local hero, no further consequences 🥳 really shitty move from business though "save money my ass..."
Top_Boysenberry_7784@reddit
Working in manufacturing I wrote a program to calculate and display OEE in real time. It was fairly basic and I ran it on a raspberry pi mounted to the din rail in the machine. All I needed from the PLC was one output signaling each time a part was made. We mounted a large display outside the machine that operators and supervisors could easily see. The screen showed a shift target, and how many parts made so far during the shift and a percent of OEE currently. If OEE dropped below 90% the screen background turned yellow, if below 75% it turned red.
Leadership loved and hated it. Operations loved it because it gave them a faster way of seeing what was happening for critical machines when walking the aisles. Some of IT leadership didn't like it and somewhat scolded me because we were working on a much more capable system that likely wasn't going to be fully implemented for another year.
Didn't really get in trouble but didn't get the reaction I thought it would. I literally had maybe two days of time devoted to it and when manufacturing would want another I just gave them the parts to hook up.
For anyone wondering a couple of these were not ever removed when the new systems went in. When I left the company 4 years later those RPI's were still doing just fine.
da_apz@reddit
I suggested a similar thing for a customer and offered to implement the thing while working at an MSP. Customer's own helpdesk guy was instantly like "no-no-no, we'll buy a professional software that will do all that and more". 5 years later as I left my position, they still had no software in place and it was one of the employees' most wanted items.
stempoweredu@reddit
God I hate this in industry. I have run into far too many employers who let perfect be the enemy of good, and rather than letting their team write a quick app that does 90% of the functionality, they spin their wheels for years looking for this unicorn product that offers 105% of the features they want for 40% of the cost such a product would demand, and years later, we still don't have that feature our developers could have easily implemented.
da_apz@reddit
Smart and talented people quitting in frustration is the anthem of the field, unfortunately. Quite often I've noticed how people flat out reject simple solutions to problems and like you said, start dreaming up this monstrosity of a solution with 3 kitchen sinks integrated and since there's no one to implement that, we're just left with a daily frustrating problem for which there's no solution.
If that's not enough, there's always some consultant selling their one size fits all magic solution that does anything from inventory to financial management - all in one package and every one of them slowly and poorly. I swear they literally exist because they're big names and the higher ups only think that they can't be bad because they're big and "everyone uses them".
ReputationNo8889@reddit
While I get your gripe, it's not wise to rawdog everything inhouse. This creates massive technical debt, that most likely will never be removed because too much depends on it. With a vendor you at least have support to keep it up to date.
stempoweredu@reddit
Sure, but when your organization's modus operandi is 'we don't buy products because we're looking for unicorns AND we don't develop in-house,' that's an even worse form of technical debt. It's technical bankruptcy.
ReputationNo8889@reddit
Oh yes, totally. Kneecapping your org because you are waiting for a silver bullet is the way to lose talent and build up resentment
Dookie_boy@reddit
If IT complains, it's just an HMI
MorallyDeplorable@reddit
I stepped on a coworker's toes because he wanted to do this grand elaborate hand-coded metrics reporting system and while troubleshooting a recurring issue a vendor update caused I set up node-exporter and deployed it everywhere through our management layer and that gave us everything we wanted. He lost managerial support for his plan and started whining to me about how many page requests node exporter would be handling -- four a minute -- and how it's all not scalable.
It was the stupidest shit, I lost basically all respect I had for the guy.
shortfinal@reddit
One of my first "real jobs" was working for Geeksquad at Bestbuy. We had to wear stupid clip-on ties and setup new computers for customers that the sales guys managed to push all of this ridiculous shit on.
Part of that was a checklist of going through to remove a bunch of the stock bloatware that came with standard HP/Dell machines of the day (do they still?) then installing Norton (ughh) and Office, plus all of the incremental windows updates.
It was considerably more pointy-clicky in 2004-2005.
Anyway, so my smartass makes a CD with a batch script that automates a lot of this away. I make half a dozen copies of the CD and give it to my coworkers to use too. Now we're all moving onto other things instead of babysitting these new installs for 2 hours at a time. Troubleshooting PCs in the back, etc.
Direct managers, the kings of little fiefdoms they are, worried about how busy their little bees are, became livid with me. Told me I was using "unapproved software" on customer computers. This wasn't the process, etc. Confiscated all the CDs, etc.
Two months later? Corporate has this "new process" for doing installs that involves dropping a CD into the machine and clicking this shiny batch process that does all the things. It was a bit shinier than my solution for sure.
Was I pretty fucking angry? Yeah. It was clear what happened.
(If those managers from that Jackson, TN BestBuy are reading this now: Go fuck yourself, your mother should have swallowed you)
KoalaOfTheApocalypse@reddit
Tom?
TKInstinct@reddit
It's funny they were talking about using "unapproved software" since I readily recall hearing they were using the old Hiren's BootCD right around the same time.
shortfinal@reddit
1000% the whole place was a shitshow and the original procedures we had was a checklist of "go here, click this, press windows updates" yada, and do these things until there's no more prompts.
Then when it came to recovery tools, all the standard open source or whatever malware/shareware tools you could run to remove shit from a computer was what was needed. There surely wasn't anyone training people on how to debug, troubleshoot, and remove viruses from machines without doing a standard wipe+reinstall+$300 upcharge for "recovering your files".
cough cough drag and dropping
Ultimately I think the latter became the corporate procedure: push more standard services to resolve the problem -- and the goodwill that they had garnered from being lucky enough to hire nerds talented enough to troubleshoot and fix a computer.. well.. they shot that right in the foot.
Bestbuy is gonna ultimately go the way of Sears, and you know what? That's fine with me.
xDsage@reddit
Lmao staples just outsourced all that shit to "the matrix" which was just indian dudes they paid $5 a day so we could do busy work like shoving ink in lock boxes that could be opened with any magnet.
Sunsparc@reddit
How much Liquid Armor did you push today?
communads@reddit
Best Buy did this too, they called it Agent Johnny Utah. I saw the remote agent looking through customer pictures multiple times lol
communads@reddit
I was also in Geek Squad during that same timeframe, yeah corporate was a massive pain in the ass with this. They also said that we couldn't use generic OS discs - we were only allowed to use the physical media that came with the computer or were supplied by the customer. We just had a hidden little external drive that had all the ISOs on it anyway, every neighboring store did the same thing.
i-love-tacos-too@reddit
I worked in Geek Squad when they had multiple CDs for everything. Some guys got tired of using multiple CDs so they created a "SuperDisc". It was just both of the CDs combined and could be used for everything.
Not sure how long it was used for but knew it was way before me. One of those remote Indian asshats reported it and we had to get all new CDs along with a reprimand.
I left about 2 months later but we burned the SuperDisc with the new CDs and only used them on stuff we manually fixed.
AntelopeUpset6427@reddit
Shadow IT ftw
blackletum@reddit
truly, no good deed goes unpunished
raging_radish@reddit
I had a system on our intranet where staff could check out hardware, usually networking gear and scanners. If whatever was borrowed hadn't been returned by a designated date, the staff in question would receive an automated reminder email. In the footer I had written: "This message was brought to you by the $CompanyName Nag-O-Matic^TM."
They made me take it out :(
kawaiikuronekochan@reddit
RIP Nag-O-Matic, cute name!
RumpleForeskin990@reddit
Wrote a script to process terminations in PowerShell. Was at an MSP. They didn't like that I was learning to code. Didn't like that I was doing things too efficiently and not racking up billable hours. At the same time they'd complain about human errors on terminations. Eventually I got sick of arguing in circles and just used my script myself and dressed my tickets up to look like they were done manually. I.e. screenshots of account configs before I run the script. Time entries that sounded manual. Then I spent 20 minutes playing games or watching TV. I left 6 months later because I felt they'd say anything to avoid using scripts and automation. Got tired of the same disingenuous conversation. Felt like my shop was very set in its ways and slow to change. Which in tech is asinine imo. Got 60% more money to go from jr sysadmin to senior sysadmin.
punkwalrus@reddit
I think I considered it more of a joke that my company was clearly violating security and HIPAA by having someone from India having access to private medical data. I knew he was not a US citizen, because he flew in from India for the developer meetings, and kept trying to cover it up badly. On paper he was working from the US state of Georgia and was a US citizen who passed a background check.
He flew into one of our conferences, and I asked him how his trip was.
"Great!"
"Did US customs hassle you?"
"No, it was fine-- Uh... I mean, I didn't go through customs! I went through the TSA!"
"Those Georgia Bulldogs aren't doing so well this year. You think they'll get the Stanley cup?" [The bulldogs are football, the Stanley Cup is hockey]
"Yes, we can always hope!"
And so on. During a video call, you could see out his window it was dark outside when it should have been 2pm in Georgia. Frequently his timestamps were 8.5 hours ahead of the east coast of the US, and that's a specific peccadillo to India time zone, that half hour bonus. Just so obvious he was an Indian, from India, who lived and worked in India on stuff he should have never had access to.
I got in BIG trouble one day when I was told to STOP talking about him or addressing him in person in meetings. That's when I knew that my company was not only aware, but trying to cover it up. Two years after I left, major security breach with a military medical organization HMMMMMMMMM....
Antique_Grapefruit_5@reddit
When I was working in a school district our local ISD made a network change that resulted in us getting kicked out of our student management system after 15 mins of inactivity. This obviously angered some of my users. After working with the ISD and being told that there was no way to fix it, we came up with a solution that, using a login script, would make a user session beep every 14 minutes. This would keep the system from timing out. Asked for permission to do this multiple times and got crickets. Told them I was doing this and got crickets. My boss later wrote me up for it because the tech director at the ISD demanded she do so.
Lylieth@reddit
Going to be honest, that 15 min time out sounds like it was intentionally set. And you bypassing it was going against what the tech director was pushing forward.
We have a 15min auto lock screen and get multiple complaints about it. BUT, what software is up usually has VERY sensitive data on it and it shouldn't go unattended.
iloveemmi@reddit
This sort of thing happens all the time, where somebody else is negligent, thinks it's unimportant, or maybe is just too busy, and you have to make a call. If I asked you three times and got nothing, I'm sorry, I consider this delegation. Obviously this question doesn't rise to the station of whomever it was; that makes it your call. Not sure if it was the right call, but it doesn't really matter. They can reverse that choice if they choose, but they can't blame you for making one in their absence. As for the write up: kiss my ass, I'm not signing it.
I'm lucky enough to have a boss where I've had to sheepishly admit I made some dubious calls that maybe should have been his calls, but the thing is, he knows how busy he is, and he trusts me to make the right call most of the time when he just can't fully perform every duty assigned to him. I do my best to honor what I understand his priorities to be. It's easy because he isn't just a paper pusher, he's one of the most talented systems guys I know. So his priorities aren't fucking stupid.
MorallyDeplorable@reddit
You don't understand the point of a writeup if you think not signing it means anything.
JustInflation1@reddit
Indiana school for the death?
Monsterlime@reddit
Imperial Star Destroyer 😜
digitalnoise@reddit
ISD = Independent School District (typically in this context).
ISDs are usually comprised of multiple geographic areas that individually cannot support a school district. A group of rural towns may form one, for example, because on their own they cannot support a school district, and the nearest may be too far away to be practical.
OcotilloWells@reddit
I don't know about other states, but they are all over Texas.
Mackswift@reddit
Minnesota, Tennessee, southern Illinois, and a number of areas in Indiana too.
superpj@reddit
Spent 2 years working on a huge knowledge base with massive details about how everything in our whole company worked. A self contained wiki so no outage could hurt it. Management found out and because it wasn’t their idea they made us delete it then a few weeks later there was a “strategic initiative” to document the entire environment in a different platform that they then decided a year later the platform they decided on was too buggy, dependent on vpn and AD had to be working.
thesals@reddit
I worked in Data Center Operations... My job was to sit in a room with 6 other guys and if we saw a server go down on the board we looked up a spreadsheet and identified the engineer in charge and called them.... I wrote a script that could automate everything our department did.. when I presented it to my boss he had my contract terminated.
ciabattabing16@reddit
This did you a favor. Yes, in the explicit it was a mistake. But in the larger sense this job was absolute and total bullshit. If that's all they were going to pay a TEAM for then fuck that job. There's no advancement, there's no challenge, and you'd have been bored out of your mind. If basic improvements and presenting them to your superiors make them immediately eliminate jobs and don't think about the resources they now have available for other things, fuck everything about that job.
What your boss could have done was said ok, here's some other tasks I can assign these guys to, or other duties we can absorb in our contract and bill more for. Show me what else you can automate when we do that. Jobs are filled with stupid managers. But typically they're profit driven.
ms6615@reddit
Yeah this manager seems very stupid to me. An employee comes to you and says “hey btw I can easily do tons more work for you for no extra effort or money” and you FIRE THEM?!?! A good manager would protect that and utilize it, a mediocre one would just let the employee do it and take all the credit…but it takes a true idiot to be offended by the efficiency of your employees.
jr-416@reddit
He probably saw his "empire" threatened by a rogue employee. Really depends on where the manager is in his career, if he wants to do the same dreary job until retirement because retirement is a few years away I could see this kind of behavior -- doesn't want his cheese moved.
There are phrases and words that describe the manager: lazy, resistant to change, to name a couple. But not stupid.
wowsomuchempty@reddit
Ha, reminds me of when I did some extra dev work (still in use), and my manager at the time chewed me out - as she didn't tell me to do it.
Some people are petty and insecure, too bad.
PowerShellGenius@reddit
I'd agree 99% with what you said - but while the way the manager handled it was terrible, there is some understandable reason for him to be hesitant and nervous about a newbie writing scripts like that. He should have talked with him about what can/should be automated and been receptive to the idea, but questioning it is not a bad thing.
The last thing a manager needs is for a newbie to write a script that handles 95% of occurrences of some task well, and screws up the edge cases, and then start trumpeting about how they can automate the whole department to the point where upper management hears about this still unproven script, and develops an expectation that it will fully 100% automate the department.
Boss should have said "that's great, let's keep this quiet while we test it thoroughly and figure out the best way to use it" and then gone from there.
ciabattabing16@reddit
I like the fantasy you live in where you have a technical manager. If this land of make believe exists then I'd agree.
PrincipleExciting457@reddit
I don’t usually tell people when I automate something. Then I can just cruise. I understand being new and wanting to share a success though.
rollingviolation@reddit
or find a team that encourages it.
The more powershell scripts and bash stuff my team learns, the better off we are. Automation allows us to do more cool stuff. Fuck me if I'm going to upgrade the RAM on 500 virtual desktops by hand, and if someone on my team is doing it by hand, they can go back to the help desk.
Lazy sysadmins are the best sysadmins. We'll do a full day of work looking to avoid doing a full day of work.
h311m4n000@reddit
I always tell my colleague who's a junior helpdesk that he should always try and do whatever he can remotely and start to script stuff. Laziness is indeed what makes a sysadmin a good sysadmin. Avoid contact with the sheep as much as possible.
deltashmelta@reddit
"Never again!" can be a lifestyle.
mikki50@reddit
I also get too excited about my automations to keep them quiet
Geminii27@reddit
Never tell, always automate, and shift to remote work.
DragonspeedTheB@reddit
This is the way.
MyClevrUsername@reddit
Serious question, what did you think would happen? If you are going to write a script that eliminates an entire department you need to go at least 2 levels up the chain.
thesals@reddit
I was young and stupid, it was my first job working for a megacorp and they were still heavily invested in IBM mainframe in the 2000s.
flummox1234@reddit
see the senior IT pros recognize that you implement the script and just don't tell anyone LOL
How is it you have so much time to catch up on TV shows... 🤔 LOL
MyClevrUsername@reddit
You: Hey boss! I wrote this neat script that gets rid of you, your pension and your entire department! Boss: You’re fired! You:
RevLoveJoy@reddit
I'm glad it was just you laughing at them and, ya know, not like all the rest of us. You monster.
Darkhexical@reddit
Curious how you went about making the script actually call someone.
thesals@reddit
Cisco Call Manager supports scripting, add some text to speech and you got yourself an automated call. Then you also send the technician an email and you're cooking with gas.
daniell61@reddit
My coworker did this for some of the stuff me and three others are explicitly asked to do weekly for our job.
He got passed over for promotion three times.
He wonders why. I approve of efficiency but dude don't piss off the CTO lol....
McGregorMX@reddit
A smart boss would have left that script, and bought an Xbox for you to all play on while you were "working"
cartmancakes@reddit
I've had that exact job before. I almost did the same thing!
NoPossibility4178@reddit
Yeah I work in automation and guess what, people will fight tooth and nail to not get automated.
Geminii27@reddit
Yep. If the higher-ups hear about the automation, they'll cut the team's budget because now they need fewer employee-hours to do the same work, right?
NoPossibility4178@reddit
Actually yes, the company never had layoffs or cost cutting by firing people but if someone leaves they'll cut the budget for new hires or just give you a lot more work, not let you reap the benefits of all the automation (obviously it's for the shareholders, they deserve it more).
reddit_username2021@reddit
Most likely, people in this department were hired because they knew the manager, CEO, or were related to some other big fish.
Geminii27@reddit
Well of course. The boss could sit back, run the script, and keep getting the same budget for fewer salary costs now. Or they could save it up for a rainy day and claim a massive budget savings, get a bonus, and springboard to a promotion.
You being there would interfere with their narrative of them being the clever one or financial whiz.
randomman87@reddit
You needed to present this to your boss's boss, or even higher. Still might have happened but yeah definitely not to your boss. New to the workforce naivety?
Proper_Cranberry_795@reddit
Automated yourself out of a job eh. Sorry to hear. It’s better to automate your job and not tell anyone.
Ed_the_time_traveler@reddit
You can't automate the cash cow away.
AtarukA@reddit
Criticized the business model of the company, explaining why it couldn't work and suggested another one.
Manager wrote me up for insubordination, C-level gave me a raise.
ImpostureTechAdmin@reddit
That's not drama, that's you breaking org policy. Requiring signed scripts and end user software vetting is like security 101, and the fact you didn't ask before you started downloading stuff (albeit well known software which is a pretty safe bet) is pretty lame lol
In any even remotely mature organization, just ask.
Dabnician@reddit
I wrote a vbs script to clean up a ms one click install issue for agent stations when they had a restricted desktop and zero explorer access.
The server team got all pissy because i used the "language of viruses"
OtherFootShoe@reddit
Idk if it counts but in my early IT days, I created a Windows update script to update all machines and keep them current. Inside the script it also said reboot when needed.
Pushed it out and rebooted about 1000 computers at once....on a monday....at 11 AM...
I was told not to do that again.
SleestakWalkAmongUs@reddit
Nothing comes to mind other than stepping over my boss once or twice to get the ball rolling. But dude, you can't just go running custom scripts on government servers. I'd be pissed if a tech did that on one of ours and we're not even in the government sector. You were hired for a specific role, that you accepted, best not to stray from it too far. I get what you were thinking, but what were you thinking?
ArtificialDuo@reddit
Had a VPN outage. Fixed VPN and had to deploy a newer better server in its place. Got in trouble for "upgrading VPN solution without change approval or business assessment."
aes_gcm@reddit
Well yeah, changes do need approval.
ArtificialDuo@reddit
Didn't explain it well.. Had to deploy a new server to replace the broken VPN server in response to a P1 outage. Literally months later change board + business development units learnt that I "fixed the VPN by 'upgrading' the VPN" which is why they were "upset". Not because I fixed it but because they couldn't get their names on it as solution designers. This is a situation we deal with regularly..
aes_gcm@reddit
Ahh, yeah under a break-glass event, you clearly have leeway.
wiseleo@reddit
Work-study at some IT training company. I think it was Novell training. We used Windows for Workgroups 3.1 I think. I identified something that used DOS mode and improved it somehow. I can’t remember the details.
They ended my work-study. :(
You’d think a school would appreciate someone improving an IT process.
Tb1969@reddit
I updated a program that I wrote 15 years ago that did merging of various individual reports into tailored multi-reports for specific users to then be emailed out to those users.
I worked hard to make the process faster and smaller resulting report file size with new error checking to get the end of the day report employees off the clock earlier by ten minutes ending their day that much quicker. Well, the lead User for end of day reports who usually runs it, got territorial since they wanted to be THE report person. They deliberately caused problems on the upgrade implementation. The user intentionally tried to make me look bad for no other reason than to make themselves look better in comparison to their superiors.
I had layers of upgrades to the code and added automation to implement to shave time off the process. That user melted down on the first layer I was applying. Long story short, I locked in the first phase of change, froze any further changes, and walked away.
I went above and beyond the call of my job, working hard on something that would have benefitted that user more than anyone else and the user retaliated.
At 4:20p EST every weekday, I have a quiet alarm go off on my phone to remind me there is a self-centered User working an extra ~8 minutes per day at that time because the User is an asshat that hurt themselves while trying to hurt my reputation.
Over a year that 8 minutes totals nearly 34 hours that the user will be doing extra work. Well-deserved extra work.
mbkitmgr@reddit
Gov job too - IT Mgr. My staff set up Wifi for vehicles returning to the depot - this allowed data to be automatically downloaded from the tech in the trucks, rather than rely on the field guys to upload on their return. Because my guys needed to sort out some issues, security was turned off for a few days and we forgot to turn it back on. I found out and had to report it to the GM as a significant event. I told him what had happened and offered my resignation, he was visibly and understandably pissed. He declined my wish to "fall on my sword", and instead put me on a pseudo 30 day probation - if any other issues were to float to the surface I was to be shown the door. We brought in a 3rd party to audit our systems from top to bottom for 2 weeks - they found nothing and instead (this bit is hearsay from the Dep GM) given what they had seen, he was advised not to fire me.
ExLaxMarksTheSpot@reddit
Shadow IT setup a project server and locked themselves out of it. They asked me to fix it, so I went in on the weekend and reset all permissions. Explained to the business they would need to recreate the project server permissions. Sent them an email reminding them and left two voicemails. They did nothing and the CIO was pissed Monday when no one from the business could get into their project server. I was told by my director to go apologize for what I did. I asked if I was not supposed to help them, and the director said, no, you should have helped, but you broke it. I explained the situation and my boss thought it was ridiculous, but the director still sent me to the CIO to apologize. I apologized, and wasn’t working there a month later. No good deed goes unpunished.
Ok_Initiative_2678@reddit
Man, fuck all that noise. If "shadow IT" sets up anything and IT finds out about it, best case scenario is I return it to IT for forensic investigation, then wipe it and put it in inventory. Worst case, I find certain kinds of data that mean the idiots responsible face fines, civil liability, and even possibly 5+ years in prison.
PowerShellGenius@reddit
DoD or military contracting with classified data?
In a typical corporate setting, while you would definitely get prison time for stealing data (exfiltrating it to take home with you for nefarious reasons or send externally) - I have never heard of anyone in the private sector without a security clearance getting prison time for using a computer system at work, for work purposes, not taking any data out of the workplace, trying to do their job, in an unapproved way / with an unapproved system.
If that's an actual thing, it reinforces my worldview that judges and prosecutors in the United States of Mass Incarceration are more deserving of prison (or the needle) than 99% of people they put away.
Ok_Initiative_2678@reddit
Fully private sector, but when you contract with companies that are gov't/military contractors themselves, you end up having to treat the data just the same. CUI is CUI regardless if you're Lockheed Martin themselves or if you're just the little guy they source their sprockets and widgets from.
Mandelvolt@reddit
Not a great way to make friends around the office, but yeah HR should be notified and let them deal with it.
Ok_Initiative_2678@reddit
Honestly it's cliche but I'm not there to make friends, and if I do anything less it's my ass on the exact same chopping block with the exact same potential consequences.
visibleunderwater_-1@reddit
This sounds VERY familiar. Are you in some "regulated" space? I do ISSEC at an 800-171 DoD contractor company, member of DiB, a handful of us have to keep a clearance, etc. I'm the same way, I don't GAF who you are...the DOJ isn't FA anymore, and when CMMC finally comes down it will be worse. I've told various Directors, VPs, etc that "we can't do that" for a variety of reasons. I will report anyone after the 15-day window as outlined in our contractual and regulatory requirements. It's either them or me, once I've found something.
If they complain, I tell them "You can try to contact your Senator or Representative, and have them sponsor some language changes in DFARs"
william_tate@reddit
That sounds like shadow IT were setting up a side business and the CIO was behind it, you stumbled across it and they couldn’t afford for you to know about it, rather than getting the flick for helping out. Still regarded whatever way you look at it.
koliat@reddit
They should have had shadow restored from shadow backups I reckon
NeverLookBothWays@reddit
Not so much trouble from higher up, but I once wrote a utility that helped identify which PCs were actively in use based on usernames or other inputs. I could then use it as a launchpad of sorts for remote control, remote management, powershell, or other remote utilities. I wrote it for myself primarily...but my mistake was sharing it with co-workers. It became a little too useful however, and I found myself being the maintainer of software I really did not want to support for anyone but myself. Sunsetting that was a tough one (although I did offer the source for anyone to take over...no takers).
lecodeco12@reddit
Hi, can you share code here?
gunsandsilver@reddit
Over a decade ago… First few weeks as a senior admin at an msp. Client calls in, they’re totally down. Helpdesk can’t resolve, so an onsite was needed. Client approved billable service. Management was in a DND meeting. I hopped in the car and resolved the issue onsite within an hour or two. Client happy. Drive back to office, got chastised by leadership for “white knighting” the situation. When I pressed the issue they agreed they would have sent someone onsite, but were unhappy I made the choice without their approval. Client was happy and we made money. Never took much initiative after that, just did what was assigned moving forward.
michaelpaoli@reddit
Oh, in some sh*t environments, fixing things, providing solutions, etc. gets one in trouble, e.g. some examples from one such fscked up environment I contracted in for a bit:
There were lots more examples from that royally fscked up work environment, but those are at least two that quickly jump to mind.
spin81@reddit
FYI you can say fuck in this sub
HoustonBOFH@reddit
In this industry, you often have to!
miscdebris1123@reddit
Some people don't like to curse.
Some use it as punctuation.
land8844@reddit
Yeah but fsck is more fun because double-entendre
Apprehensive-Sea6535@reddit
They were terrified you were taking their jobs away
ElevenNotes@reddit
Back in the day I wrote an app that compared AD with HR ERP and automatically deactivated accounts that were not on payroll anymore (were marked as left company). This deactivated accounts which were still used, illegally, as contractors or consultants but with employee accounts instead of third party like they should. This got me in real trouble with HR who ran that illegal deal under the table and I got a writeup for breaking protocol by accessing the HR ERP without their written consent. Funny thing the corporate IT world, even back in the day.
MorallyDeplorable@reddit
One of my first projects at my current place was syncing payroll to AD and G-Suite. Fun project, honestly.
ElevenNotes@reddit
I should have asked for permission, that sure was a mistake, but HR paying people that had no active contract anymore was against the law and compliance, so they got pissed when I discovered that people used employee accounts that actually worked for other companies but had licenses and everything assigned to these accounts, for free of course 😉.
MorallyDeplorable@reddit
I don't think you had any idea what those accounts were, lol.
At the end of the day you did a massive restructure of a critical business tool with no approval or foresight by accessing confidential data without permission. From the sounds of it you didn't even do a trial run before just running it.
I'd fire you over that if you were under me without any hesitation.
ElevenNotes@reddit
Oh no I did, my supervisor signed off on it, just HR was never involved. I'm glad you are so good at assuming 😉.
MorallyDeplorable@reddit
You can't even keep your story straight. Last post it was 'I should have asked for permission', now it's 'my supervisor signed off on it'.
ElevenNotes@reddit
from HR
MorallyDeplorable@reddit
Did that HR take your ability to clearly communicate too?
ElevenNotes@reddit
No, that was Reddit and strangers like you who don't know what anecdotal quotes and stories are.
MorallyDeplorable@reddit
Lol, yup, it's clearly Reddit's fault that you shared a poorly written anecdote then changed your story multiple times when people said you were being stupid.
grimnir_hawthorne@reddit
This is the way. Continue on.
Geminii27@reddit
Never tell your boss when you automate something. You'll never get paid more for it or rewarded.
afinita@reddit
Am I not in r/sysadmin? Not tell my boss I am doing my job?
Geminii27@reddit
Is it specifically part of your job to automate those things?
marth141@reddit
Pretty true. While at one of my prior jobs I had built out some tool that helped automate parts of the department and instead of any pay raises or change in title, I was responsible for the tool until it was replaced by official IT. Eventually left this company but more and more I'm learning, "Don't do anything unless explicitly asked and signed off on by leadership."
VirtualPlate8451@reddit
Tried to automate onboarding with a Microsoft form. Needed to ask for the desired 365 password and just hitting enter on a question with the word “password” set off all kinds of alarms.
It threw up warnings on my screen and even alerted the domain admin (my boss) that I was trying to make a phishing site.
ms6615@reddit
Why are you asking anyone for a “desired” password? That does nothing but create a situation where you know a user’s password. Generate a random password automatically at account creation and force expire it on next login. Then the user sets their own password on the first login.
comperr@reddit
Lol you're supposed to assign them a temporary generated password and have them change it at next login.
william_tate@reddit
Not me, a predecessor at a job. Was looking through a server and there’s a file in the C: drive, 1gb in size, can’t remember the name of it. No real reason for it, so I ask my work mate: “Hey what’s this file for?” Workmate, laughs: “Oh yeah, so a couple of sysadmins ago, we had a guy who created all these 1gb files until a drive was full, completely full. Basically, his theory was, you keep the drive full and when the users need space, you delete the files, 1 at a time. So we tried explaining how disk space and so on worked, especially with databases, but he wouldn’t have it.”
reddit_username2021@reddit
Let's say you have very low IT budget and access to DB is exposed over VPN accessible from private devices. If DB size is 100 GB and you have 156GB of free space, it may make sense to create two 50GB empty files to prevent ransomware attack. There simply won't be enough disk space to save encrypted file. I know, shi$$y, edge case
p90rushb@reddit
This is why I always carry two sacks. When someone asks me for a hand with something, I just say "Sorry, got these sacks"
TKInstinct@reddit
I wrote scripts that I never asked if I could use, I was in my first days as a jr admin and didn't know that it wasn't Kosher to write scripts and then utilize them on DCs. We were using a zero trust environment and I disabled it on the DC and then installed what I needed. I got caught and while I didn't get yelled at or anything, I got a good talking to. Thankfully they were good to me and saw something in me because I kept my job and I got hired full time not long afterwards.
AfterCockroach7804@reddit
A small program that, when opened, gave the user ONE option:
“What i am trying to do or know is: _____” [ GO ]
It would then redirect to https://google.com/?q=Search%20Query%20Here
They said it was too passive aggressive. I was tired of “wait, how do I turn on the speakers on my desk?!” “The power button.” “Do I have to have them plugged in?”
g3n3@reddit
It isn’t high school. It is called security.
Decaf_GT@reddit
"I found a random free PDF to word document converter online to save us time and my boss got so pissed at me for some reason. Sometimes it feels like high school".
That's what OP sounds like to me. Not your infra, not your risk or liability to take.
g3n3@reddit
That is right. Just immaturity. I would also say the leadership isn’t impressing enough upon juniors about security.
AntelopeUpset6427@reddit
IT is the security, even if you don't work on risk assessment
MekanicalPirate@reddit
A Windows 2008 R2 server was failing processing Group Policy and wasn't getting all the proper GPOs applied. Fixed the GPO processing issue then found out that the server had been failing processing for so long that our policy posture had changed so much since it started that once the server finally successfully processed all current-day (at that time) GPOs that something conflicted with the hosted application and brought it offline.
Of course, was talked to about bringing the application offline with no mention of fixing the Group Policy processing issue.
raft_guide_nerd@reddit
I did 9 months of hard time consulting to a county government. Never again.
ActiveVegetable7859@reddit
One time I found a directory traversal vulnerability in a web app that could expose information that shouldn’t be exposed. Fixed it and ended up breaking another part of the app stack because the devs were relying on the directory traversal vulnerability for their code to work properly.
Another time discovered the app server on an HR app wasn’t configured to only talk to the web proxy and the app “authenticated” the user by checking only the user name passed in the http headers. Anyone could log in as anyone and there was no easy way to detect unauthorized access. Fixed it by setting the app server to only accept incoming requests from the web proxy and opened a bug to set up authentication so it would check the authentication token. Ended up breaking an HR reporting tool that relied on direct access to the web server and made the engineering managers and the leads very mad by insinuating that they didn’t know anything about web security; they were experts! Was also told that no one would ever find the vulnerability so there was no point in fixing it.
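The header-trust problem described in the comment above, sketched as an added example that is not part of the thread and not the commenter's code: the weak check that believes a user-name header, beside a check that only accepts requests from the proxy and verifies a signed token. The header names, proxy address, key and token format are all assumptions made up for illustration.

```python
import hashlib
import hmac
import ipaddress
import time
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Assumed, constructed values: the reverse proxy's address and a key
# shared only between the proxy and the app server.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
PROXY_KEY = b"constructed-demo-key"
USER_HEADER = "X-Remote-User"   # hypothetical header name
TOKEN_HEADER = "X-Auth-Token"   # hypothetical header name


@dataclass
class Request:
    remote_addr: str
    headers: dict = field(default_factory=dict)


def _mac(user: str, expiry: str) -> str:
    return hmac.new(PROXY_KEY, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, ttl: int = 300, now: Optional[float] = None) -> str:
    """What the proxy would attach after it has authenticated the user."""
    issued = time.time() if now is None else now
    expiry = str(int(issued + ttl))
    return f"{user}|{expiry}|{_mac(user, expiry)}"


def authenticate_header_only(req: Request) -> Optional[str]:
    """Weak pattern from the comment: whoever sets the header is that user."""
    return req.headers.get(USER_HEADER)


def authenticate_hardened(req: Request, now: Optional[float] = None) -> Tuple[Optional[str], str]:
    """Return (user, reason). The reason string is what you would log,
    so rejected direct connections become visible instead of silent."""
    now = time.time() if now is None else now
    try:
        peer = ipaddress.ip_address(req.remote_addr)
    except ValueError:
        return None, "bad peer address"
    # 1. Only the proxy may talk to the app server at all.
    if peer not in TRUSTED_PROXIES:
        return None, "direct connection, not via proxy"
    # 2. The identity must be backed by a token the proxy signed.
    parts = req.headers.get(TOKEN_HEADER, "").rsplit("|", 2)
    if len(parts) != 3:
        return None, "missing or malformed token"
    user, expiry, mac = parts
    if not hmac.compare_digest(mac.encode(), _mac(user, expiry).encode()):
        return None, "bad token signature"
    if int(expiry) < now:
        return None, "token expired"
    # 3. The plain header must agree with the signed identity.
    if req.headers.get(USER_HEADER) != user:
        return None, "header user does not match token"
    return user, "ok"


def demo():
    """Run both checks over constructed requests and return the outcomes."""
    token = issue_token("alice", now=1000)
    cases = {
        "direct, header only": Request("192.0.2.44", {USER_HEADER: "hr_admin"}),
        "via proxy, valid": Request("10.0.0.5", {USER_HEADER: "alice", TOKEN_HEADER: token}),
        "via proxy, header swapped": Request(
            "10.0.0.5", {USER_HEADER: "hr_admin", TOKEN_HEADER: token}),
    }
    return {
        name: (authenticate_header_only(r), authenticate_hardened(r, now=1100))
        for name, r in cases.items()
    }


if __name__ == "__main__":
    for name, (weak, strong) in demo().items():
        print(f"{name:28} weak={weak!r:12} hardened={strong}")
```

A tool that connects straight to the app server, like the HR reporting tool mentioned in the comment, would be rejected at step 1, which is why such clients need to be inventoried before the restriction goes in.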
_bani_@reddit
willful negligence carries legal liability
thefrc@reddit
I designed, sourced, and built a SAN. This was back before storage was well understood. I made two mistakes. First, I listened to our high priced consultant to use soft zoning instead of hard zones. It worked fine after I put it back. Second I built a secondary SAN using disk that StorageTek said we shouldn't use for block level storage. It worked fine, but the sales guy threw a hissy fit to my boss's boss. I left shortly thereafter.
wrt-wtf-@reddit
That's a top 10 rule in govt: Never make your boss seem inadequate by doing something they wouldn't or couldn't themselves.
mingepop@reddit
It’s crazy hearing the government wants to tax its citizens more as they can’t afford public services. Then you hear about stories like these and wonder if government jobs could be more efficient
hoeskioeh@reddit
Unsure, maybe it was really me who f-ed up?
This Intel microcode x129(?) bug/fix for frying their CPUs turned up as a topic a while ago.
Someone asked me for a list of endpoint/CPU/BIOS version.
Sure. No problem.
At that point in time all I had at hand was the filter "13th and 14th generation". I swear to my favourite drink!
List came up in the hundreds.
Some weeks and meetings later I somehow ended up in the meeting about finally informing the users about some major disruption, mandatory restart. After quite some time in, after listening to arguments on how best to phrase it in a way that users do not power off during BIOS update I remarked, that the numbers were inflated. 500+ was too high, since by now a list of specific CPUs was out.
So I regenerated the list. With the new filter.
29 endpoints, 10 of which already had the fix installed (plus one VM).
...
Meeting ended with "let's just walk these down individually, no need to scare several thousand people."
The guy who had tested remoting the update for days just hung up.
I could have kept the list current when new infos came out, but I didn't check Intel's press releases regularly. But so could have done whoever was in charge of that project...
flapanther33781@reddit
People have no idea.
Take the worst office politics you've seen in the private sector, and multiply that by 5x-10x. Front-line employees backstab each other like they're gunning for VP positions, daily.
Don't even dream about outshining your supervisor unless it's at a task they specifically asked you to do, and under absolutely no circumstances should you ever disagree with them, especially if they were in the service. 95% of the time they won't make a scene, but they'll start a paperwork trail on you and get you flagged as a problematic employee and make your world so horribly annoying that you'll want to quit or leave to another team.
reddit_username2021@reddit
Our team has been working very hard for years to migrate our primary enterprise-wide application to AWS. Some time later, internal developers developed a system I know very little about and connected it to the application server. Since I take care of the application server and they were literally running DOS on it, I blocked the traffic. It didn't last long because management forced me to unblock it. The management tries hard to silence me, I take the blame from the users for the slow performance of the application server, and nobody wants to do anything about it...
JudgeCastle@reddit
Similar. We had a bunch of accounts which were generics for our road techs. High turnover position. One got compromised so we wanted to force Pw reset on that OU. Decided to throw some pwsh code together, do it in one swoop vs individually. Talking like 200 accounts.
When I told them an hour or so after I was tasked it was done, they were confused how I did it so fast. Got finger wagged for using code. They didn’t know how it worked and it made them nervous. Posh is easily readable by a layman. Shrugged it off and left like 6 months later for a place that wants me to learn code. Is what it is.
mongolian_horsecock@reddit
I work as a field tech, we rely on a bunch of scripts to do our jobs effectively that are maintained by a team of engineers. One of them was broken for months and I got annoyed so I decided to fix it myself. I figured out what was wrong with the script, but I wasn't allowed to modify the script so I sent the fixed script over to the engineers to deploy. We use ninja to store/run the scripts and for some reason me viewing the script was logged as me modifying the script. So head engineer messages me asking what's up and I told him no that was an error you can view the change logs and figure out I didn't do anything to the script, I only made a copy and fixed it on my own PC locally. Lead engineer decided that was too much work and reported me to my boss and the director. Eventually they realized I didn't do anything wrong but like they were pissed at me for "doing someone else's job". Fucking script was broken for like 6 months and over 40 techs rely on it and I got fed up lol. Without the script it's like an extra hour or two of work a month per tech. I'd go somewhere else but I barely do anything at this job and work from home so
melatoninOD@reddit
you really shouldn't be installing random software without some kind of submitted CR, especially in government. although it was vs code this time, it won't bode well if you download other stuff you think is safe but is unapproved. an easy pitfall is 7zip.
AntelopeUpset6427@reddit
Vscode would be signed but the stuff he wrote would not be
melatoninOD@reddit
doesn't matter if they did all their due diligence and checked the hash, they still aren't supposed to install any software without some kind of documentation beforehand. if vscode or any of the dozens of packages also installed have some kind of security patch, how are people supposed to know what machines need patching if other people are just installing stuff everywhere since it's "safe software"?
tyrantdragon000@reddit
What is the issue with 7zip?
Gavrochen@reddit
My guess is that the developer is Russian.
epsiblivion@reddit
How about peazip
melatoninOD@reddit
that's the recommended alternative by most agencies.
pc_load_letter_in_SD@reddit
I rolled out BGInfo to some of my test machines because it took ages for users to get me the machine name when they needed remote support.
A couple users called and complained that the text was "too intrusive". Okay.
BigBangFlash@reddit
Back when I was lvl 1 tech support, I got a ticket about a specific engineering software crashing every time the computer went to sleep. If users didn't save their work and went to lunch, they basically lost their morning's work since they had to reboot to even reopen the software.
By tinkering a bit, I figured out the HP Zserver crap installed for remote access that was rushed when Covid started was interfering with X11, and the app didn't actually crash but had trouble displaying the windows when recuperating from sleep. While I couldn't fix it, I found that if we simply restarted the XServer (or killed the windows, I don't exactly remember), it fixed itself. So I wrote a super simple bash script that I put on the users' desktop, double-click it and you get your work back. All users were extremely happy, even though it was only a workaround for the moment.
Well I got yelled at by the sys admin in charge for taking this ticket. While I thought I was doing my job (I got a ticket, answered the ticket and found a work-around), he told me I should have opened another ticket with the internal software team. Even though they had like 5 tickets about that exact issue that had been opened for over a month, for which I found a work-around in about 2-3 hours of tinkering.
At the same job, I wrote a simple EDID file to point the Xserver to since users were all working from home and "we didn't have enough monitors" for the job. The way HP-ZServer works is that it remotes into the actual Xserver, so if we plug 1080p monitors at work, the users get 1080p resolution remotely. If we plug in 4K monitors, as long as the users have 4K monitors at home they can use them at full resolution. It's such a weird software. Anyways, instead of having them buy like 100 monitors, I pushed a very simple EDID file to a few workstations with varying resolutions to show how we could save tens of thousands of dollars. Well, you could have guessed it, the same sys admin yelled at me for not opening a ticket, have THEM review it and implement it. So they bought like 100 EDID HDMI plugs and a few 4k monitors.
I left right after, that one single guy was seriously unhinged.
Quiksilver15@reddit
I created a simple webpage that I could use to navigate quickly to office printer webpages. I used it to check toner levels, print jobs, jams etc… It turned into a copy of Dreamweaver being purchased for me and management wanting more robust webpages for our tech group.
tehgent@reddit
A call center I worked at years ago used emails to do some tasks, like resetting a voicemail PW, you could email this specific email with the number and it would just do it.
Anyways because we had a bunch of stuff like this, I wrote a simple HTML page that I used to click a link, fill in the blanks and hit send kinda thing.
The other call center folks asked for it and loved it.
HR tried to get IT to get me fired over it. IT was like, this page is brilliant, it makes their jobs easier, he just needs to make some corrections and it's good.
viper233@reddit
We had a prod deployment process that jumped around 4 servers to run scripts, they were all stored locally on those servers. There was no interaction with our monitoring/alerting systems and developers would just restart services on servers behind the load balancer. We'd constantly get outage notifications during developer deployments but we knew it was just deployments going down. This was all around 2014-15.
I had implemented Ansible across an org previously for configuration management just after it came out late 2012, was upfront about using it after playing around with Puppet in previous roles. They were trying to implement deployments (and configuration management) with Puppet, it went nowhere for about 12 months with my team also working on it, I certainly helped out where I could but getting the implementation right was a moving target and handling unique cases was a nightmare.
I spent 6 weeks writing a deployment system for the devs to be able to use different branches of their code on development/staging servers that copied what was going on in prod. Turns out with Ansible I was able to recreate the deployment system, put checks in everywhere, handle different environments, handle alerting notifications and load balancer health and give developers a consistent development experience by configuring their Vagrant boxes with the same software etc. as prod (as opposed to copying around VM images). It was easily able to bounce around servers as needed, running custom scripts still if needed and handling database schema updates when necessary too. It was pretty sweet.
I ended up getting fired soon afterwards, no notice (should have taken them to the cleaners), got 6 weeks severance, had 2 weeks off, interviewed, was upfront about my Ansible shenanigans, went for a mid level role but ended up with a senior role. Had another week off, went overseas for a vacation for 2 weeks, started my new job when I came back, 36% pay raise, so actually ended up ahead in more than one way. My career took off in the new role, got a lot of AWS experience which was pretty valuable at the time.
Taught me some valuable lessons about when to leave a role. Sometimes it's just not worth your time sticking around when things aren't going right no matter how much you try to do things right. Right is different from everyone's perspective.. but huge efficiency boosts and making life considerably easier for developers was my right. When you've got others around you constantly under-performing and producing incredibly bad code/infra, it's time to move on. Well, first get some honest feedback from peers in the industry, make sure YOU are not the a-hole and then move on.
Kirk_Gleason@reddit
A couple of years ago, I wrote a PowerAutomate flow that would grab a random name of a person in a given Team and substitute their name into a Chuck Norris fact that I would query from their API. The final “fact” was then published into a Teams channel.
Despite the fact that I learned a bunch about using Power Automate, and it wasn’t in a public place, and the rest of the team thought it was amusing; HR wasn’t too thrilled about it.
SecretSquirrelSauce@reddit
I mean... you downloaded 3rd party software to process government documentation through. I can absolutely see why your boss would be pissed. Certainly there is a process for "hey boss, I think we can do this better, can we requisition the right tools so I can try it in a safe environment?" Instead, you went off on your own, possibly jeopardizing compliance that the government organization is beholden to.
hotfistdotcom@reddit
800 employee multi-site sub-contracting company going from ownership by company A to subsidiary of company B. IT director, who was previously just an ERP person says "we will just use outlook as a ticketing system." I say no. She says not to spend time on any other solutions, helpdesk will be fine but I know it will make infinite work for me in managing them and also doing my admin work, because she could not manage them as she was an ERP person and great at that but not so good at saying "no, that request is not reasonable."
I just stayed late and spun up spiceworks, got it going, sent everyone logins and instructions and said we're doing this instead of outlook, fully expecting to get a reaming but she was SO happy, the service desk was so happy and I was blown away that it scaled to over 4000 tickets, self hosted on some shitty old workstation in the corner of my office with zero performance issues and was flawless. Seriously a great ticketing system and it bridged the gap until we joined up with the new company and transitioned to their ticketing system.
Sometimes a POC that you just ramrod into people's faces will overcome their irritation with you refusing to listen - especially if it costs the company nothing in labor or cash.
User1539@reddit
I was asked to evaluate AI chat bot solutions. I was assigned this task with the instructions "Check over these two, and if you can think of any other options bring them to the table."
At the time I was working in a place with a lot of sensitive data, and they wanted an AI chat bot to help answer questions about that data. But, in evaluating the options, security told me we couldn't actually send any of our data to the bot.
As a workaround I spun up some vector databases and used the embedding system to create a back-end that would figure out what the question was, go into our database and get all the relevant records, along with instructions on how to answer the question, then anonymize the data, and send that whole mess to the AI ... then, on the record's return, it would re-fill in the anonymous bits.
I almost got fired, because upper management had already chosen a solution, and when they demoed mine, it looked 1,000 times better, and was so obviously a better solution that everyone looked dumb saying 'Well, we already signed a contract ... sooo '
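Added example, not part of the comment above and not the commenter's code: a minimal Python sketch of the anonymize, send, re-fill round trip it describes. The detectors, token format, sample record and `fake_model` stand-in are all constructed assumptions.

```python
import re

# Constructed detectors for this example; a real deployment needs field-aware rules.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
TOKEN = re.compile(r"\[(?:NAME|EMAIL|SSN)_\d+\]")


class Pseudonymizer:
    """Maps sensitive values to opaque tokens; the map never leaves this process."""

    def __init__(self, known_names):
        self.names = sorted(known_names, key=len, reverse=True)  # longest first
        self.forward, self.reverse = {}, {}

    def _token(self, kind, value):
        if value not in self.forward:
            token = f"[{kind}_{len(self.forward) + 1}]"
            self.forward[value], self.reverse[token] = token, value
        return self.forward[value]

    def anonymize(self, text):
        for name in self.names:
            if name in text:
                text = text.replace(name, self._token("NAME", name))
        for kind, pattern in PATTERNS.items():
            text = pattern.sub(lambda m, k=kind: self._token(k, m.group()), text)
        return text

    def restore(self, text):
        # Tokens the map does not know (e.g. invented by the model) are left as-is.
        return TOKEN.sub(lambda m: self.reverse.get(m.group(), m.group()), text)


def ask(question, records, known_names, model):
    p = Pseudonymizer(known_names)
    prompt = p.anonymize("\n".join(records) + "\nQuestion: " + question)
    # Fail closed: a case variant such as "jane doe" slips past the exact match.
    if any(n.lower() in prompt.lower() for n in known_names):
        raise ValueError("raw name still present in outbound prompt")
    return prompt, p.restore(model(prompt))


def fake_model(prompt):
    """Stand-in for the external chat bot: it only ever sees tokens."""
    name = re.search(r"\[NAME_\d+\]", prompt).group()
    mail = re.search(r"\[EMAIL_\d+\]", prompt).group()
    return f"{name} has one open claim; send updates to {mail}. See also [NAME_99]."


RECORDS = ["Jane Doe (SSN 000-00-1234, jane.doe@example.org) has 1 open claim."]
```

The outbound check matters as much as the substitution: pattern-based redaction misses variants, so the prompt is inspected again before it leaves and the call is refused on any hit.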
peekeend@reddit
We had an environment for students by students. With the freedom it had, some teachers were taking exams on this environment, which was fine if you told me.
Now we had a project to bring pfSense into high availability, and this student thought he could do it. OK, try it.
Now this person pulls a backup from pf01 and deploys it to pf02. Now we have two routers with the same IP address. I knew that this was happening, so it meant downtime; a nice learning moment for this student. This teacher that did mention to me that he had exams running got mad at me, while I had a perfect learning moment for this student.
DrDuckling951@reddit
I set up PowerShell to automate some email notifications. Later Network Engineer blocked port 25 on some servers (the server I have PowerShell running). Email stops. We didn’t realize what happened until 2-3 days later.
Not really getting into trouble for the PowerShell but got into trouble for not documenting the process in the main workflow on OneNote/Visio.
packet_weaver@reddit
Silly network engineer. When blocking ports that were open already, you monitor the usage, track down the users of it and find out if it is legit and then create rules for that specific traffic before blocking the port.
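Added example, not part of the comment above: a Python sketch of the pre-block audit it describes, run over a few flow-log lines. The log format, addresses, inventory and the rule notation in the output are constructed assumptions, not any real firewall's syntax.

```python
from collections import defaultdict

# Constructed flow-log lines: timestamp src dst dport action (format is an assumption).
FLOWS = """\
2024-05-01T02:00:03 10.0.4.17 10.0.9.25 25 ALLOW
2024-05-01T02:00:09 10.0.4.17 10.0.9.25 25 ALLOW
2024-05-01T03:15:40 10.0.7.88 203.0.113.50 25 ALLOW
2024-05-01T03:16:02 10.0.4.17 10.0.9.25 443 ALLOW
2024-05-02T02:00:04 10.0.4.17 10.0.9.25 25 ALLOW
""".splitlines()

# Constructed inventory: sources whose owners confirmed a legitimate SMTP use.
CONFIRMED = {"10.0.4.17": "scheduled PowerShell notification job"}


def audit_port(lines, port):
    """Summarise who used `port` during the observation window."""
    seen = defaultdict(lambda: {"count": 0, "last": ""})
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[3] != str(port):
            continue  # malformed line or a different port
        ts, src, dst = parts[0], parts[1], parts[2]
        entry = seen[(src, dst)]
        entry["count"] += 1
        entry["last"] = max(entry["last"], ts)  # ISO timestamps sort as strings
    return dict(seen)


def plan_block(lines, port, confirmed):
    """Split observed users into explicit allow rules and open questions."""
    allow, investigate = [], []
    for (src, dst), info in sorted(audit_port(lines, port).items()):
        if src in confirmed:
            allow.append(f"allow tcp {src} -> {dst}:{port}  # {confirmed[src]}")
        else:
            investigate.append((src, dst, info["count"], info["last"]))
    # The blanket block is safe to schedule only once nothing is unexplained.
    return {"allow": allow, "investigate": investigate, "ready": not investigate}
```

The observation window has to cover the slowest legitimate sender: a monthly report job will not show up in two days of logs.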
MortadellaKing@reddit
I fixed a problem with a client's app server on a weekend once, but it caused everyone to have to reboot their machines. Instead of being down Monday morning all they had to do was reboot or log out and log in again. Of course it wasn't taken very well and they sent me a stern email about doing work without informing them beforehand. So next time they had some major network issue on the weekend I just ignored them until Monday. "Sorry Bob, just following your instructions!"
DiaDollasignPora@reddit
See this is exactly what my company does,
They give high end machines to the devs,
New employees get new latitudes.
The helpdesk gets the oldest jankiest computers, because why would you want the people troubleshooting helping others rather than chase their own tails??
Also, our toilet paper disintegrates once it touches your ass cheeks. We profit 70 mil a year.
vdragonmpc@reddit
I wrote a script that tallied logins/outs to company equipment. Some folks were claiming late work and project time.
Boss said something about it to the CEO.
Oh boy did that go well.
CantWeAllGetAlongNF@reddit
You made him look bad
AMDIntel@reddit
Hmm... At least in local government there are no such strange restrictions. Granted my sample size is 2 government agencies.
Pied_Film10@reddit
I mean, it's the government. I think you should've known better tbh. Only politicians can get around the laws and standards that are put in place.