The long holiday weekend didn’t end up yielding many spare hours for me so I switched back from one firefighting mode to the other with not a whole lot of that time awake and doing anything interesting. I did throw one pretty interesting link on my Pinboard for later reading though
A rundown of how each fast charging technology works doesn’t sound particularly interesting at first glance. I started reading mainly because I wanted to see how the Warp Charge I use on a daily basis (you really don’t want to know how many of these chargers I’ve purchased since I got my OnePlus 7 Pro) differed from the other fast charging specifications. The article is interesting since it also provides a bit of context in some cases for what the author thought was the thinking behind the differing specs. It’s far more entertaining and insightful than I assumed it would be when quickly scanning the opening paragraph and marking it for later consumption. I genuinely appreciate efforts like this that not only answer a question but are entertaining in the process.
Month: September 2020
I’ve tried to write out my thoughts about this a few times but I always end up being overwhelmed by the ever widening scope of related things that end up being pulled in. What I’m hoping to do, and this may never be read by another human and/or web robot, is use my cane to tap around the perimeter of this vexing problem that I’ve faced at nearly every place I’ve worked: Active Fucking Directory.
At the moment I’m completely mired in the weird middle space between wanting to switch completely over to something that functions less like a needlessly complicated wrapper around LDAP and more like a secure-ish authentication method that performs a bunch of single sign on functions. It would also be nice if maintaining this shiny new solution didn’t become my full time job as well. The short answer, in my situation at least, is that an answer that simple and comforting doesn’t exist at all.
Here are the problems:
1. This needs to meet all of the requirements of the eleventy billion master service agreements that we’re supposed to hit. These are constantly changing and some of them we just sign off and ignore until one of our customers proposes an audit. Some of these requirements would be better left to a capable MDM solution but …
2. My budget for such a solutions is, well, um, if you could just cut checks to my company for using your solution that is about the only that would make it through our finance department. The finance folks are not looking to invest money in anything ever so that becomes a rabbit hole I’m not going to willingly crawl into.
3. To make things absolutely and utterly disaster-tastic we also just hired a CTO who seems like a cool enough guy but wants to have more input into the infrastructure we’re implementing. The real rub here is that he really just wants to implement a SaaS solution that is the namesake of the company he just jumped ship from and I have heard nothing but gnashing teeth and the sound of hope anally escaping the human body from other folks I know that still do infrastructure work. So, I’m in a holding pattern right now while I fervently hope that one of the interviews I’ve had recently bears fruit and I can hit the ejector seat button thus escaping with a few tatters of my sanity intact. Maybe I’ll get budget approval for something more expensive than anything I’m proposing and doesn’t work either? Splendid.
4. Another thing that happened in the midst of all of this was an office move, a company rebrand, a phone system replacement, and a few other ball crushing tasks that I might be defensively forgetting. Just a few minor things that need to happen all at once and posthaste. Our IT department, at least for anything that doesn’t live in AWS or Salesforce, is poor old me and I report up through 2 levels of managers. The usual song and dance occurred after the move was sprung on us/me; we’ll just have an MSP come in and do some of that work for us because that is always painless. I got a few things out of that: some new networking hardware (Meraki because the techs were either morons or thought we/me were morons) and a new server to host the software used to manage badging and security cameras. Like most security and monitoring software it requires me to install components from Windows Server 2000 to get it successfully running so I’m completely okay with isolated that garbage onto its own server and away from any infrastructure that actually matters. It did not get me any new server hardware that I could because there’s much money to be made reselling software licensing, of course. The MSP folks built us a sort of functioning Active Directory server in AWS but didn’t do most of the grunt work before their contract budget was consumed. Thanks guys! I was hoping to spend a couple weeks running hastily written Powershell scripts on a production machine. This also sounds amazing!
5. Here’s the punchline to all this: The server that really, really needs to be replaced is a 7-8 year old Dell PowerEdge that has been outside of a service contract for several years and spent most of its life in a switch closet/sauna basically the size of a closet with no real cooling. It is obviously a ticking time bomb despite having a backup domain controller even older that takes more than 15 minutes to reboot when I do something terrifying like rebooting it. Oh, yeah, and this is hosted on a Windows Server 2008 SBS box. Yeah, it really is that grim. The message from on high is that I need to somehow keep this incredibly robust and reliable machine running for a unspecified period of time until there is a decision and budget available for a cloud solution that will likely do measurably worse job of handling authentication and won’t serve any policy at all. Maybe that means I’ll finally get some budget for MDM? Probably not.
We are an Office 365 shop (this is what that service is called no matter what stupid renaming convention they try to employ) so everyone in the company that has absolutely no fucking idea what they’re talking about immediately tells me how we should just migrate on over to Azure Active Directory. This, of course, is more telling of how much coverage Microsoft pays for in trade magazines than anything else and has caused me to explain far too many times that (cue the theme music) Azure Active Directory is not fucking Active Directory in any meaningful sense.
At the end of this highly purgative post, I’m left with some questions that mostly should be posed at the huge corporations that create the software I’m supposed to keep things up and running with because cruel and unusual is industry standard. One very, very important question is: why the fuck isn’t Azure Active Directory analogous to Active Directory? That’s the most painful question. Look, I know it’s blindfolded brain surgery dangerous to expose an AD server to the internet, right? That’s been pounded into our heads since Active Directory was a relatively new thing. Don’t ever allow your AD server out into the world without galoshes and a rainsuit. That’s IT canon. BUUUUUT, the other Microsoft product that was absolutely, positively unsafe to expose to anything but a RADIUS-backed VPN was Exchange and now Exchange or at least a distant cousin of it is out there on the web eating apples full of razor blades and taking Tylenol from open packages all willy nilly. Obviously O365 isn’t the most secure platform in the world but it only seems to roll over dead a couple of times a week. Why can’t Microsoft spend a few cycles on that sort of work for AD? Oh, because all the data transmitted between a client and the AD server is full of delicious data that isn’t well protected. Extra fabulous!
The other non-option would be something like Direct Access which is already deprecated, requires the very most expensive edition of both the client and server pieces that it would run on, and only runs on Windows which is not real world useful unless you’ve landed a sweet gig at Contoso or Margie’s Travel. That leads me back, all the way back, to the always on/pre-logon VPN issue which means more expensive software seats and more moving parts that I can absolutely guarantee will break each and every time the wind picks up because I’ve foolishly made decisions like that in the past. In the end, I have no fucking answers and I’m feeling like one of those sad photo-op polar bears stranded on a melting mass of ice with nothing to do but wait until the sea eventually consumes me bringing on the sweet oblivion that erases all of this fuckery.
I don’t even remember how I’d heard about Serpent OS but I’ve been very sloppily following its development. Despite the fact that I wouldn’t be able to use it on a work machine because I work completely in a heterogeneous environment with a ton of Windows services that I need to meaningfully interact with and administer and I’d prefer to do that without the need for a bastion box sitting in between. But that’s me, at work.
I completely respect the design philosophy behind this distribution, from their About page:
We’re focused on building a Linux distribution that serves our own needs. Chiefly, a Linux distribution for people who want to use Linux, not a “Linux-based-OS” focusing on interoptability with macOS* + Windows*.
In a nut shell, this is not “Linux for the masses”. This is a project setting out to use Linux as Linux should be used. This will in turn help us to build a significantly advanced Linux distribution that is both modular and optimised for modern machines.
They’re also extending a raised middle finger to Nvidia and insistence on the use of mediocre binary blobs for Linux support which I also support. I’m writing this as a reminder to keep checking in with this distribution and eventually, when time is less pinched, doing a test install when they’re closer to a test release. I’m excited about this and look forward to how Serpent OS progresses and what optimizations they’re able to create by largely ignoring the non-Linux ecosystem most of us are soundly saddled with.
That title was supposed to evoke drama or intrigue but it’s also mostly true. The company I work for which, as always, shall remain nameless is bucking real hard for a sale. You can hear the potential of big dollars in every contrived story about how we desperately need to conserve cash despite allegedly sitting on huge piles of it. There’s a huge pile of shit in there somewhere and whether or not that bullshit is about the amount of money the company is setting aside for a rainy day despite being stretched beyond functionality or about how all this paper shuffling is actually in the name of dominating the market for whatever it is that our software is supposed to be really good at doing this quarter. We’ve basically thrown all of our resources at hiring impressive-sounding executives and haven’t backfilled any of the positions that do things other than attend meetings and affix their names to ghost written glad handing for the pages of some trade magazine.
The feeling that it was past time to chew my leg off and flee from the trap started during a meeting when I found out concretely that most of the projects, at least the ones that have real impact on my workload and sanity, have been shelved. To be fair, we did also hire a CTO and wanted their input on how to prioritize the work we need to do to stop drowning in tech debt and running all of our capex into the ground with hardware refreshes gradually making their way into the five year cycle. At the same time, I’ve been fucking over my fellow rank and file workers to handle a bunch of firefighting tasks to make the C level folks look good and being expected to handle all of the wrath from people who can’t have their issues addressed in a sane span of time any more. Any operations role contributes to feeling like a punching bag on the particularly bad days but I was losing my mind by 10:30 AM this morning. I also found out that some work I’d promised to finally complete for our support staff was going to be pushed aside so another C level Sales hire could have their laptop a full week before their start date because, reasons. Fuck every bit of that. I logged off early today after completely running out of fight. The worst part is that I’m stopped caring at all about the day to day because I can’t plan and can’t prioritize and feel like I’m working in a call center or something.
Anyway, so disasters in professional life and my horror about them aside, here are some things I thought were interesting today:
1. I had a great time working with a Raspberry Pi for the first time and have enjoyed how little advertising I see due to the deft hand of Pi Hole. The first hit is always free and I ended up buying another Pi and setting up openmediavault early this evening. I’d nearly forgotten how much fun setting up personal servers can be. Yes, it was a matter of snapping together some inexpensive pieces of hardware and attaching an unused 2TB external hard drive to that but it was more fun than I’ve had working with any other bit of technology in ages. It was also an expensive alternative to the pricey NAS hardware that I’ve been eyeballing lately especially while spending most of my life in my house. I guess it’s about time to find somewhere accessible to store the gigabytes of comics that I’ve been downloading. That way I’ll be able to not have time to read any of them from any device! It’s going to be like living in a dystopian Jetsons!
2. I’d be more intrigued about the story behind some guy flying with a jetpack near commercial airplanes in Los Angeles if it wasn’t so damn likely that this was result of a start up, flush with cash from a new round of funding, disrupting air traffic control or something equally inane and contrived. The headline from that story definitely grabbed my click but I was really hoping less for instant millionaire publically measuring dicks against all the other millionaires trying to be the first to endanger planes full of passengers and more for something like the hilarious (and also intensely sad) story of Larry Walters and his solo lawn chair flight into commercial air space.
3. If you needed more reasons to despise the way that Amazon treats its employees then here is a super gross story about buying their own Pinkertons to spy on employees organizing. That is blatantly disgusting and shameless. Imagine interviewing for that job. Is there a personality test? Do you enjoy helping drastically increase the fear and distrust at your workplace? We have the perfect job for you and your lack of human empathy.