--- Log opened Tue Dec 01 00:00:42 2020
03:45 -!- rpifan [~rpifan@p200300d2671c7600cd70aec4fba03010.dip0.t-ipconnect.de] has quit [Ping timeout: 240 seconds]
04:38 -!- klixa [uid861@gateway/web/irccloud.com/x-ejcborvwoaeihcyd] has quit [Quit: Connection closed for inactivity]
06:21 <@Dolemite> mr0ning, be0tches and h0 h0 h0ez!
06:21  * aestetix hugs Dolemite 
06:48 <@Evilpig> Mirage: YES!  jesus that is hard to keep straight what the hell is going on
06:51 <@Dolemite> Isn't that most Christopher Nolan movies?
07:38 <@Evilpig> that went better than I had expected
07:39 <@Evilpig> changed the ssl cipher scheme for a couple hundred VIPs and only one error that got logged
07:47 <@Evilpig> 6 months of planning and less than 30 minutes of work.  :-/  this is corporate life
07:50 < aestetix> why did it take six months of planning to change the ssl cipher scheme
07:50 <@Evilpig> because there were 30 different groups involved that had applications that would be impacted
07:51 <@Evilpig> it took that much time to track down all of them, get a compiled list of what would be impacted, get that to change approval, fight for 30 days to get it approved because some douchebags were dragging their feet about testing
07:52 <@Evilpig> I started this 6 months ago, three months ago I changed the test environment.  the remaining time was spent fighting to get the change approved
07:52 < aestetix> haha
07:53 <@Evilpig> I had to make two exceptions for ancient garbage java apps running on rhel5 servers that are slated to be removed in mid-jan
08:00 <@_NSAKEY> And true to form, those boxes will likely be around after January is over.
08:01 <@Dolemite> Evilpig: This is where working at a government location was actually more productive.   We had a "Thou Shalt" edict passed down and everybody had to comply in short order or get cut off from the internets.
08:01 <@Dolemite> Because we had to go through that back in 2019 for TLS1.0 and DES ciphers
08:31 <@Evilpig> access to old medical records is one of those sticky points legally
08:32 <@Evilpig> these boxes have been having data migrated out into modern systems and should be done this next week
08:32 <@Dolemite> Binding operational directives have a way of reprioritizing resources around here.
08:33 <@Evilpig> also all of our management folks don't like risk, any type of risk and do everything to avoid any
08:33 <@Evilpig> it's dumb
08:33 <@Evilpig> but our security staff is top notch.  lol
08:33 <@Dolemite> No risk, no reward
08:34 <@Dolemite> But yeah, it was surprising how much more conservative to change/risk VU was compared to ORNL
08:34 <@Evilpig> I guess I should follow up with this vendor from last week about his ssl purchase for some mystery vpn connection that doesn't match the name he was requesting a cert for that security signed off on and I denied
08:34 <@Dolemite> But it's a difference in the mission
08:34 <@Dolemite> ORNL's mission is to push the envelope by advancing research
08:35 <@Dolemite> VU's is to make bank off that endowment and rich kids
08:35 <@Dolemite> Er, I mean, be a world-class educational institution
08:35 <@Evilpig> we aren't VU anymore though
08:35 <@Evilpig> we profiteer off the sick and their insurance
08:36 <@Dolemite> VUMC is a different animal
08:36 <@Dolemite> I'm just comparing the VU change board that I moderated
08:37 <@Dolemite> The VUMC one was bonkerz risk averse
08:37 <@Evilpig> they follow the same model
08:37 <@Dolemite> Well 10 years ago they were separate
08:38 <@Dolemite> but from 15 years ago to 10 years ago you could see a major shift towards being ultra cautious in what they'd approve
08:38 <@Evilpig> I had 17 approvers on my change, it went to CAB and they added four more.  I mean really?  
08:38 <@Dolemite> Jeebus H. Christ
08:39 <@Dolemite> Our CAB here...   you submit a change and then show up at one of the two weekly CAB meetings to discuss the change.   There's a rep from each of the major groups in there that can ask questions.
08:39 <@Dolemite> If your rep doesn't speak up, you have to go to the CIO to try to stop a change
08:39 <@Evilpig> this one was messy because it involved the ldap and sso connections
08:40 <@Dolemite> Understood.   Just saying that the same thing here would simply require off-hours implementation and a good test plan.
08:41 <@Dolemite> And nowhere near the red tape that you have to deal with
08:41 <@Evilpig> my director pushed for off hours, but I kinda slid around that
08:42 <@Evilpig> I did it at 7a on a tuesday which is technically still pre-business hours
08:42 <@Evilpig> they were initially pushing for the weekly big change window which is 2a - 4a on sunday
08:43 <@Evilpig> I argued this was better because we'd be online to monitor any issues with actual loads hitting the services and we'd be readily available to make any adjustments
08:43 <@Dolemite> Our weekly patch window is Thursday after 6 PM.   LOL
08:44 <@Dolemite> Or you can request an alternate schedule, which I do for my Kubernetes clusters.   I do them via automation on Sunday AM and then have a job within the cluster that checks each node to see if it needs to reboot, and if so, it coordinates removing each node from the cluster one by one as it cycles through.
11:25 < aestetix> Evilpig: would you consider going to work at a place like tumblr again?
11:28 <@Evilpig> for the right pay I would, but that culture is not great
11:28 < aestetix> were they workaholics?
11:34 <@Evilpig> no, just social justice warriors
11:34 <@Evilpig> everything was offensive, you had to be 100% PC to every cause no matter the age of it.  
11:35 < aestetix> hahahaaha
11:36 < aestetix> is tumblr based in the bay area or something?
11:37 < aestetix> I know they have data centers in other palces
11:37 < aestetix> not sure where the HQ is
11:54 <@Evilpig> they're in NY
11:55 <@Evilpig> their datacenter was in NJ, then I helped move it to Buffalo, NY then they sold to verizon and I have no idea where they moved it to
11:59 < aestetix> wow
11:59 < aestetix> SJWs even in NY
11:59 < aestetix> or were they from somewhere else
12:03 -!- klixa [uid861@gateway/web/irccloud.com/x-csuulfsnslbhqrbn] has joined #se2600
12:03 -!- mode/#se2600 [+o klixa] by ChanServ
12:04 < aestetix> guten tag klixa
12:05 <@klixa> Hey aestetix
12:10 -!- klixa is now known as prodigal_klixa
12:12 -!- prodigal_klixa is now known as klixa
12:14 <@Evilpig> dear god...
12:14 <@Evilpig> "We are standing up a new cloud instance for Printing.  RJYoung will be hosting the instance, but we would like to have a standard naming convention for the URL to make it easy to find and navigate to.  Something like printing.xxxx.xxxxx.org"
12:14 <@Evilpig> there is no other information in this ticket
12:45 <@Dolemite> Evilpig: Gotta love those
12:47 <@Dolemite> Oh, man.   If you thought Gordon Ramsay cussed a lot, you should see him about 15 minutes in to his appearance on Hot Ones (interview series with progressively hotter chicken wings)
12:47 <@Dolemite> He just downed half a bottle of Pepto.  LOL
12:49 <@Dolemite> https://www.youtube.com/watch?v=U9DyHthJ6LA
12:50 < PigBot> Gordon Ramsay Savagely Critiques Spicy Wings | Hot Ones - YouTube (at www.youtube.com) https://tinyurl.com/y89dc27e
13:05 <@Mirage> I linked that quite a while back
13:06 <@Dolemite> Yeah, it's over a year old
13:30 <@Dagmar> Evilpig: Close ticket: Unable to comply.  We do not manage the xxxxx.org domain.
13:31 <@Dagmar> 'cuz screw people for deciding "We want to change a bunch of stuff, _and_ make our own jobs easier, but we don't want to have to come up with a solution ourselves."
13:31 <@Evilpig> turns out this a request to set up a dns redirect for a url that hasn't been established with RJ Young yet.  talked to the RJYoung guy about doing a dns mask and he said he had to get with their tech folks. :-/
13:32 <@Dagmar> Someone needs to remind them what 'lexically heirarchical' means, too
14:08 <@_NSAKEY> Dagmar: You're making too many bold assumptions about their ability to pronounce those words.
14:15 <@Dagmar> Honestlyt for some of those groups, they should just be given a small set of flash cards that they can spread on the table and point at
17:03 -!- klixa [uid861@gateway/web/irccloud.com/x-csuulfsnslbhqrbn] has quit [Quit: Connection closed for inactivity]
17:56 <@Dagmar> Maybe some of those "talking buttons" like the dogs on the YouTube vidos use
21:21 <@Dagmar> I finally made a "decent" tavern in Dwarf Fortress
21:22 <@Dagmar> It has attracted so many elven musicians and poets I now regret not adding drawbridges.
21:55 <@Evilpig> heh
--- Log closed Wed Dec 02 00:00:43 2020