--- Log opened Tue Mar 16 00:00:22 2021
03:06 -!- crashcartpro [uid29931@gateway/web/irccloud.com/x-kfgzdcklbrnsoaei] has quit [Quit: Connection closed for inactivity]
05:43 <@Dolemite> mr0ning, be0tches and h0ez!
05:44 <@Dolemite> Evilpig: Yes Day just looked a bit too cheesy family flick to grab my interest
06:48 * aestetix hugs Dolemite
06:50 -!- npcomp [~user@209.195.0.146] has quit [Ping timeout: 246 seconds]
06:53 -!- Dolemite [~scott@h69-131-213-251.cncrtn.broadband.dynamic.tds.net] has quit [Ping timeout: 265 seconds]
06:53 -!- Dolemite [~scott@h69-131-213-251.cncrtn.broadband.dynamic.tds.net] has joined #se2600
06:53 -!- mode/#se2600 [+o Dolemite] by ChanServ
06:54 -!- NotLarry [~NotLarry@066-190-177-036.res.spectrum.com] has quit [Ping timeout: 265 seconds]
06:54 -!- NotLarry [~NotLarry@066-190-177-036.res.spectrum.com] has joined #se2600
06:54 -!- mode/#se2600 [+o NotLarry] by ChanServ
07:03 -!- npcomp [~user@209.195.0.146] has joined #se2600
07:08 -!- rpifan [~rpifan@p200300d2671bda006cb5a66dc46e07f4.dip0.t-ipconnect.de] has joined #se2600
07:09 <@Dolemite> Man, the resistance to change is so freakin' strong around here. All SMTP traffic has to move to authenticated by March 31... System Admins bitched that we (the ones running the Authenticated SMTP Server) haven't automated a way to set this up for the thousands of servers they have to administer... so then I got Cert-Based Auth configured... and then wrote an API to register your certificates...
07:09 <@Dolemite> one System Admin wrote a python script that you could push to your servers with Ansible to update your API token, renew cert, etc and then register with the API... I then shared all of that info with the "Server Team" to use...
07:09 <@Dolemite> Number of systems registered by the Server Team so far: 0
07:10 <@Dagmar> Started preparing "This is your own damn fault" emails for when they get mails rejected and complain
07:10 <@Dolemite> Days left until deadline: 15
07:10 <@Dolemite> Well when you claim that there are thousands of systems to update, you'd think you'd start sooner than 2 weeks out.
07:11 <@Dolemite> They haven't even requested an API Token
07:13 <@Dolemite> I'm rather proud of my whole setup. You login with your token so we know who you are. Submit a cert and the API checks against the network registry to make sure that you are one of the authorized admins for it, and if so, it does some other sanity checks on the certificate and if all is well, it adds to the database. Every 15 minutes a job runs that creates the client list for Postfix and then
07:13 <@Dolemite> updates it to a private GitLab repo, which the actual Postfix servers have access to, and will pull down every 15 minutes.
07:14 <@Dolemite> I had to do it that way instead of pushing to the Postfix servers because of Protection Zone rules. I can pull from a more secure PZ, but not push to a less secure one.
07:22 <@Evilpig> I see one thing you could have done to be more awesome. fuck a scheduled check in from postfix, use a post commit hook in gitlab to trigger a pull upon update
07:23 <@Dolemite> That would violate the whole pushing to a less secure PZ
07:24 <@Dagmar> So again... SMS-based 2FA is bullshit and no one should be using it: https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
07:24 < PigBot> A Hacker Got All My Texts for $16 (at www.vice.com)
07:24 <@Evilpig> meh, it's still a pull. just a quicker response time
07:25 <@Dolemite> Evilpig: I agree, but I didn't push for an exception because I also don't want to have postfix restart 100 times a minute because somebody decided to use the API to register 1000 machines all at once
07:25 <@Dolemite> But I do send an email to the user that registered the cert when it goes live
07:25 <@Evilpig> fair point. I use a batch system to prevent that with our nagios
07:25 <@Dolemite> Plus a cert expiration warning, and finally a "you idiot, you let this expire" email
07:27 <@Evilpig> Dolemite: have y'all been hit with the cash grab from gitlab yet?
07:28 <@Dolemite> Because we all know that what's going to happen is that ${User A} is going to register a cert for sending critical emails from ${System X} and then retire while ${User B} gets handed their system with no documentation. So for that matter, it also emails the SMTP Auth Support team to cover our own collective ass.
07:28 <@Dolemite> Evilpig: Their cash grab began long ago. Too many researchers wanted the features of Premium and Gold and shit.
07:29 <@Evilpig> I mean the one that they fired off earlier this year with the elimination of starter
07:29 <@Dolemite> But I don't manage GitLab so I'm not sure how many of the free accounts we were even using.
07:29 <@Dolemite> I think we were already paying for the vast majority
07:29 <@Evilpig> we have an on prem server and were paying $5/user
07:30 <@Evilpig> they've eliminated our license tier and told us that our only option is go free and drop ad auth, or pay $20/user and go to the next tier up
07:30 <@Dolemite> I think we have somewhere around 6-8 different on-prem GitLab environments
07:31 <@Dolemite> We use SAML for our auth
07:31 <@Dolemite> I wonder if that's still available in the freebie version
07:31 <@Evilpig> pretty sure all auth options were off the table for the free
07:31 <@Dolemite> Hrmm, says it's available in all Tiers, including Free
07:31 <@Dolemite> https://docs.gitlab.com/ee/integration/saml.html
07:31 < PigBot> SAML OmniAuth Provider | GitLab (at docs.gitlab.com)
07:32 <@Dolemite> So you set it up as an ADFS app, because ADFS acts as a SAML IdP
07:43 -!- rpifan [~rpifan@p200300d2671bda006cb5a66dc46e07f4.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
07:56 -!- rpifan [~rpifan@p200300d2671bda00acda8dd6068259cb.dip0.t-ipconnect.de] has joined #se2600
09:36 <@Mirage> In the last meeting.. Project Manager: "DHCP clients are broken because after they get migrated from the old network to the new one they still use the old IP."
09:36 <@Mirage> Me: *beats head on desk* then explains HOW dhcp works
09:39 <@Mirage> Without seeing anything and just listening to the non-technical person trying to explain a technical problem I'm 99% sure that it's either a firewall problem or a dhcp relay problem. Unless of course what's his fuck that used to do DNS on infoblox at VUMC is managing DNS for this customer in which case it's 100% his fault.
10:30 <@Dagmar> heh
10:31 <@Dagmar> Who uses DHCP relays anymore?
10:31 <@Dagmar> Well, aside from us
12:01 <@eryc> https://github.com/facebookincubator/dhcplb
12:01 < PigBot> GitHub - facebookincubator/dhcplb: dhcplb is Facebook's implementation of a load balancer for DHCP. (at github.com) https://tinyurl.com/h5qhng3
12:08 -!- oddball_ is now known as oddball
12:09 -!- mode/#se2600 [+o oddball] by ChanServ
12:29 -!- crashcartpro [uid29931@gateway/web/irccloud.com/x-htaefvfthvsxuzox] has joined #se2600
14:23 <@Dagmar> f**king _why_
14:24 <@Evilpig> because you touch yourself.
14:24 <@Dagmar> The entirety of Vanderbilt's infrastructure runs off a couple of 1U's that barely get above "bored" for load
14:25 <@Dagmar> What the fuck does someone need a load balancer for for a service that's totes fine with just running as many instances simultaneously as you'd care to launch
14:26 <@Dagmar> kwilczynski: At a previous gig I know I didn't win any favors for the way I handled "patch night"
14:27 <@Evilpig> we've actually recently upgraded that infoblox hardware to a set of like 16 or so appliances partially because we were hitting the ceiling on cpu power
14:28 <@Evilpig> part of that was netops doing stupid shit like running active scans against subnets that were eating resources like candy
14:41 <@Mirage> Evilpig: renice their shit and the problem goes away
14:41 <@Mirage> Of course then they also start whining about how long it takes to run their reports
14:44 <@Dagmar> Just blacklist the netsec servers from being able to aggressively molest the DNS/DHCP servers
14:45 <@Dagmar> twainwek: While I have postits on my desk, they're all kept in a neat little stack
15:23 -!- eryc [~eric@unaffiliated/internetjanitor] has quit [Quit: leaving]
15:25 -!- eryc [~eric@unaffiliated/internetjanitor] has joined #se2600
15:25 -!- mode/#se2600 [+o eryc] by ChanServ
15:27 <@Dagmar> Oh noes!
15:28 <@Dagmar> I just got a call that says I have to call the number back because I'm being accused of drug trafficking and if I don't call them back I'll no idea because the recording was bad
15:28 <@Dagmar> The first guy hung up.
15:28 <@Dagmar> Lessons will be _learned_ today
15:30 <@Dagmar> I think it might just be one person answering the phone
15:30 <@Dagmar> They hung up on me right away
15:35 <@Dagmar> By the way, if anyone else would like to join in on the phun, here's the number: 1-855-640-3725
15:41 <@oddball> The existence of this movie needs to be known. https://www.youtube.com/watch?v=L4tizc0IAVQ
15:42 < PigBot> PG: Psycho Goreman - OFFICIAL TRAILER - YouTube (at www.youtube.com) https://tinyurl.com/y3m93qjz
15:51 <@Evilpig> oddball: you're late to the party my fried
15:51 <@Evilpig> friend*
15:52 <@Evilpig> pretty sure I mentioned that in here a month or so ago. the little girl cracks my shit up
15:54 <@oddball> ah, ok. I checked, and didn't see it on your Plex server, so I wasn't sure if you knew about it.
15:56 <@Evilpig> It's 100% there
15:56 <@Evilpig> https://www.dropbox.com/s/ake9rdq5xym1p7o/Screen%20Shot%202021-03-16%20at%203.56.36%20PM.png?dl=0
15:56 < PigBot> Dropbox - Screen Shot 2021-03-16 at 3.56.36 PM.png - Simplify your life (at www.dropbox.com) https://tinyurl.com/yz9grsoq
15:56 * Evilpig swears to dagmar
15:57 <@oddball> Ah... then I was just being blind.
15:58 <@Evilpig> my server could have been responding slow. it has a good bit of content to parse
15:58 <@oddball> heh... there is that.
16:14 <@Evilpig> it's time to get off here. i've been parked at this desk all day.
18:40 <@Mirage> Pretty good. https://www.youtube.com/watch?v=1H_8GEQs4d0
18:41 < PigBot> Canadians Reacts to Jim Gaffigan *Who Drew The Map of Canada* - YouTube (at www.youtube.com) https://tinyurl.com/yhtu65gd
21:47 <@Dagmar> C-a-n-a-d-i-a
--- Log closed Wed Mar 17 00:00:24 2021