#sysadminnery — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sysadminnery, aggregated by home.social.
-
It helps that *every* *single* *time* anyone has insulted me by offering slop as an answer to a problem, it has been wrong in some egregious way.
-
RE: https://infosec.exchange/@JessTheUnstill/116584328658916926
This is part of why I don’t let *ANY* slop emission at me to go unpunished.
I’m confident each step of my management chain appreciates what my humanity brings to my job, but customers are a different matter; they hire us because they lack IT chops. LLM-excreta give them the false impression that they can get an answer in seconds that I might take a day to write up a bit differently. E.g., with 'not' inserted in many places... -
Had an account manager feed me slop to “help” me address a MS365 problem today. Turns out Copilot is poorly informed about how today’s MS365 operates.
In its defense, it DID give me the key phrase that I needed to search for to understand the problem. It just told me to look for it in places where it is not. An actual web search enlightened me.
-
Today MS365 forgot the existence of both of the 2 rarely-used accounts I have with them solely for the purpose of supporting one of our largest clients. Then an hour later they remembered my existence, so I could reset the password that needed resetting.
How do people use this garbage and find it acceptable?
-
Cloudflare Turnstile is garbage. If you use it, you will turn away Safari 26 users.
The troubleshooting process can get Safari users to a page where CF admits that they are requiring browsers to be fingerprintable.
FUCK THAT.
There is NOTHING online that is so critical that I will knowingly give a consistent fingerprint of my browser to Cloudflare. They are not an ethical actor. They absolutely cannot be trusted.
-
Cloudflare Turnstile is garbage. If you use it, you will turn away Safari 26 users.
The troubleshooting process can get Safari users to a page where CF admits that they are requiring browsers to be fingerprintable.
FUCK THAT.
There is NOTHING online that is so critical that I will knowingly give a consistent fingerprint of my browser to Cloudflare. They are not an ethical actor. They absolutely cannot be trusted.
-
Cloudflare Turnstile is garbage. If you use it, you will turn away Safari 26 users.
The troubleshooting process can get Safari users to a page where CF admits that they are requiring browsers to be fingerprintable.
FUCK THAT.
There is NOTHING online that is so critical that I will knowingly give a consistent fingerprint of my browser to Cloudflare. They are not an ethical actor. They absolutely cannot be trusted.
-
Cloudflare Turnstile is garbage. If you use it, you will turn away Safari 26 users.
The troubleshooting process can get Safari users to a page where CF admits that they are requiring browsers to be fingerprintable.
FUCK THAT.
There is NOTHING online that is so critical that I will knowingly give a consistent fingerprint of my browser to Cloudflare. They are not an ethical actor. They absolutely cannot be trusted.
-
Cloudflare Turnstile is garbage. If you use it, you will turn away Safari 26 users.
The troubleshooting process can get Safari users to a page where CF admits that they are requiring browsers to be fingerprintable.
FUCK THAT.
There is NOTHING online that is so critical that I will knowingly give a consistent fingerprint of my browser to Cloudflare. They are not an ethical actor. They absolutely cannot be trusted.
-
Some people might call it a company culture problem that all of our customers are used to just emailing my boss whenever they have issues. I call it a way for his vacations to also be effective time off for me…
Of course, what I do on those days is all the tech debt stuff that I can never get done while firefighting.
-
A few times monthly we get alerts from a MDR provider of data flow ceasing from one of the dozen clients we have set up for them. It’s never clear what’s gone wrong: the tool is an effectively undocumented "install this & run it" blob. I wasn’t involved in selecting this. I'm extremely skeptical of the provider, who owe their independent existence to a massive public breach under a former parent some years ago: problem unit(s) were spun out to save the parent.
My reply:
#InfoSec #Sysadminnery -
RE: https://infosec.exchange/@david_chisnall/116543566441127430
I cannot begin to count how many words I’ve written about SMTP (and email in general) being unfit for various purposes.
The only sysadmin subspecialty I am notably advanced in is email administration.
-
I wish I understand *why* what I did fixed the problem that I still don’t understand, but it did.
I was just trying to get all 5 VMs involved onto one host so I could snoop on the traffic between them more easily.
I’m blaming stuck ARP or Spanning Tree. Two of those VMs were briefly fighting over the same IP last night before I fixed the freshly-minted clone to use its proper new one.
-
2 new chassis, 4 nodes each.
1 stalls in POST.
2 are still untouched (booting to UEFI shell)
2 have been installed but won’t boot from the disks
2 booted after install, but I oopsed something
1 is exactly what I want.I’d kill for a way to copy BIOS configs & to tell the AlmaLinux installer to do a 3-way mirror on 3 SSDs & slice it according the selected security profile. I guess I need to learn Kickstart...
(I wouldn’t kill a human but I’d kill *something.*)
-
It’s really appalling how much time I waste trying to figure out which antique browsers on which platforms I need to run to talk to all of the antique hardware that I support.
This message brought to you by PDUs with no solution...
-
I started out trying to fix a problem between my Nextcloud Desktop client and one server, ended up submitting a patch to MacPorts for an update to the cadaver port. Perfectly normal sequence.
(Nextcloud client DOES NOT use cadaver)
-
WHY in 2026 am I having to flip switches in Setup to a "legacy" boot to get it to boot from anything but the network???
OK, so these aren’t exactly new nodes. Supermicro X11 boards with Nutanix firmware(?) that are designed to drop into a cloud infra setup. But we don’t have that.
The boot order SAYS try disks of all flavors but it just doesn't do that.
I blame IBM. This whole architecture was a botch from the start and has just gotten slimier as we've "fixed" it.
-
Just ran out of brainpower for the day trying to fix WTF a dev w/root on a production box did to deploy a #uwsgi application. Dev in question: no longer available. Apparently he didn't know there was a EL package available or how the “Emperor" rig works, so the app needs to be started by hand on every reboot. This was not a documented fact.
I failed to hack up a fix. The Emperor kept cursing the application instance. I like the absurd terminology, hate the documentation... -
I don’t care who says it happened, it’s LIBEL!
@spamhaus has never had a “list everything” event by choice. I have used their services since the beginning and I would have noticed.
No, I’m not going to point at the latest instance of that defamation. But wherever you see someone claiming that you can’t trust Spamhaus because of them having done that, know that you’re seeing the words of an idiot or a butthurt spammer.
-
Oh. Huh. Imagine that….
The .org root DNSSEC is gerbusterficated or in transition or something.
-
dnsviz is being cranky for me. Everyone else stop using it for the day, OK?
-
Oh, cool… In addition to the repair of monitoring at work causing a flood of harmless alerts, one of my colleagues on the SpamAssassin PMC sysadmin team noticed dead email on the QA server, so what I thought was a reprieve was just a blockage. And guess what that caused? A flood of queued messages covering the last month’s dysfunction.
I am grateful for past me, who picked a MUA that he could set up on the assumption that there would be floods from perfectly innocent bots.
-
Just logged into MS365 for the first time in weeks.
I feel like every time I do that, they’ve re-fucked the UI and I’m lost.
I *THOUGHT* last time I had worked out a way to always go first to the admin center, BECAUSE THATS THE ONLY THING I EVER USE! This time it was just a big chatbot window.If I ever meet anyone who admits involvement in this pile pf shit, I’ll beat them to death with my bare hands.
-
Cloudflare is preventing me from logging into a customer’s WordPress that they horked up. Apparently I look like a bot.
-
I’ll never understand why Linux installers don’t see 3 identical disks and grok that the plan is a 3-way mirror for system pieces and LVM for everything else.
It’s the RIGHT way, after all.
-
The others all seem to share a problem of not liking their disks, even after an apparently successful installation and a partial startup that calls out their appearance and can see all 3 disks in the mirror but doesn’t understand they they’re a mirror with a slice that boots. Gotta go review my EL installation notes, if I can find them../
-
It’s been a long weekend…
working with a colleague to do some hardware refresh.I despise hardware.
I’ve spent most of the last 4 hours fighting an anaconda (EL installer, not hot AI whatever) bug that is basically undebuggable. Alma 9.6 doesn’t work like Alma 9.5 did, but crashes instead when I try to do my ideal disk layout…
OK, I was going to be updating anyway, grab a 9.7 image.
NOPE, same bug.
getting 9.5 from the vault… -
Doing a rolling hardware and host OS upgrade on our OpenNebula environment.
Not building a plane mid-air, RE-building a loaded 737 mid-air to convert it to a 737-MAX9, without discomfiting passengers…
Just shut down 2 of 3 old X5650 nodes. Bane of my existence. One remains, with a VM that won’t live-migrate because of history. It’s Windows so I do not need to do the dirty work.
I’m pretty sure this is not how they do it at AWS.
-
#FreeBSD #HotTake: Even though everyone with deeper #firewall juju than myself says #pf is better than #ipfw, so I guess it must be, I still like knowing my rules by numbers that don’t change. Plus I have tools written over many years around ipfw and would need to totally redesign them conceptually for pf. I don't have enough working years to do that.
-
#FreeBSD #HotTake: Even though everyone with deeper #firewall juju than myself says #pf is better than #ipfw, so I guess it must be, I still like knowing my rules by numbers that don’t change. Plus I have tools written over many years around ipfw and would need to totally redesign them conceptually for pf. I don't have enough working years to do that.
-
#FreeBSD #HotTake: Even though everyone with deeper #firewall juju than myself says #pf is better than #ipfw, so I guess it must be, I still like knowing my rules by numbers that don’t change. Plus I have tools written over many years around ipfw and would need to totally redesign them conceptually for pf. I don't have enough working years to do that.
-
#FreeBSD #HotTake: Even though everyone with deeper #firewall juju than myself says #pf is better than #ipfw, so I guess it must be, I still like knowing my rules by numbers that don’t change. Plus I have tools written over many years around ipfw and would need to totally redesign them conceptually for pf. I don't have enough working years to do that.
-
#FreeBSD #HotTake: Even though everyone with deeper #firewall juju than myself says #pf is better than #ipfw, so I guess it must be, I still like knowing my rules by numbers that don’t change. Plus I have tools written over many years around ipfw and would need to totally redesign them conceptually for pf. I don't have enough working years to do that.
-
This is what I deal with: customers who insist that developers need sudo on prod…
This was a month ago, when I fixed their “why doesn’t it reboot” issue. Today I got a ticket asking whether the weekly reboot was needed and if so, could it be scheduled differently. Of course, that was from their support folks, not their devs.
I’m in a cooling-off period.
#Sysadminnery -
I even built a tool for users to minimize the potential for error in this process.
But if a user can’t type their own personal name correctly I am at the bottom of my toolbox. -
There is no lesser joy than the process of resetting a password for someone who chronically mistypes their own name.
-
Someday I will get through the first quarter of a year without having to direct a client to https://kb.isc.org/docs/aa-01640
2026 is not that year. 18 in a row. Had to explain it to marketoons for my prior employer as well, for both major brands.
I don’t *like* making their other vendors look like idiots but I do not really have a choice.
-
It seems to me based on mailing list traffic like a lot of people are seeing the free side of MS email (outlook.com, hotmail.com, etc. not paying customers on ms365) doing what it so often does today: mystery rejections and dropping mail on the floor.
I assure you: if you're getting bounces because of this, your mail admin knows that it is happening and has NO WAY to address it. -
I never ceases to amaze me that mail systems do this shit. I know it was a thing with Sendmail but most of us have moved on or at least fixed the stupid mailer flags.
-
#TIL: XenCenter makes no objection when one tells it to delete an apparently unused “backend" vdisk which has a (sparse) descendant busy with a running VM. Also, doing that to a Windows VM does not cause it to fail immediately.
Unclear how this mistake has not been previously made in this environment. -
It’s a rhetorical Q.
It’s almost a miracle that it was found.It’s also why I do a paranoid level of consistency checks on every #SpamAssassin release. Our definitive repo is in Apache SVN, so we don’t have precisely the same vulnerability as libxz had, but I still verify that no matter how one gets the source, it is identical to what we've checked in.
#FOSS #Sysadminnery #InfoSec @mjg59 https://nondeterministic.computer/@mjg59/115961116648470244
-
I’m almost at the point of just installing the relevant software on the bare metal host (already doing email…) like it’s 1999 and I only have one box.
-
What's that work thing that I keep forgetting about until I run into it while doing something else and realize that I really need to fix that?
Why don't you know?
-
What's that work thing that I keep forgetting about until I run into it while doing something else and realize that I really need to fix that?
Why don't you know?
-
What's that work thing that I keep forgetting about until I run into it while doing something else and realize that I really need to fix that?
Why don't you know?