what did you learn today?

Status
Not open for further replies.

Soko

Ars Praefectus
4,068
Subscriptor++
Dear Luser:

Can you please dummy the FUCK up and make FUCKING sure you're not sending sensitive information via email? There is no way I can ensure that the info in the attachment you sent is actually gone, even after I've combed through the mailboxes and turfed it - some smart user just might have saved it to their hard drive. No, the Recall button doesn't work that way. I'm not a TimeLord like Dr. Who and cannot guarantee your fuckup has been erased.

Happy FUCKING Holidays, oxygen waster.

Soko
 

Paladin

Ars Legatus Legionis
33,629
Subscriptor
chalex said:
Using a consumer-grade Ethernet switch in the datacenter actually does create a bottleneck. Our 16-port $100 Linksys GigE switch maxes out at ~400Mbits aggregate throughput.
Not sure anyone could expect otherwise. Maybe blind optimism? Basically with switches you get what you pay for, even in the super high end. Sometimes that niche feature really is worth an extra $50k. :D

Now, whether what you get is worth the cost to *you* is another question... For a lot of folks, 400 mbit is plenty for most situations and they just want 16 ports with auto mdi and other nice gigabit features. Of course, actually being able to push anything close to 1 gbit between more than 2 ports at a time, well... that would be nice. :D
 

Uhlek

Ars Tribunus Angusticlavius
6,650
Subscriptor
Don't ever allow a vendor to come observe flaws in their software onsite. Submit tickets. Stop work if it's malfunctioning and creating too many problems. If you let them in, the next step is that you turn into their free testing service.
At a past job, we once had a product that was having so many problems and the vendor's requests for data gathering became so onerous we stopped assisting until the vendor agreed to start paying us an hourly rate to assist in the troubleshooting.
 

dotorg

Ars Legatus Legionis
18,951
Uhlek said:
Don't ever allow a vendor to come observe flaws in their software onsite. Submit tickets. Stop work if it's malfunctioning and creating too many problems. If you let them in, the next step is that you turn into their free testing service.
At a past job, we once had a product that was having so many problems and the vendor's requests for data gathering became so onerous we stopped assisting until the vendor agreed to start paying us an hourly rate to assist in the troubleshooting.
I actually just had a conversation about that very thing. They want to test with a larger team on Monday. Because of the flaws in the software, I can't trust *any* of the work performed without manual re-review of every work unit. Testing with the team size they desire would run in excess of $20k per day.

Why they can't hire their own army of temps from some local agency and have them perform the testing, I will never know. It's almost silly for me to pay attorneys to be testers on live data. For testing purposes, anyone capable of using a mouse could do the job, assuming you create a simple set of test images with rules about what to redact on each page. All you do in this program is draw black boxes over things you want to hide.

On my bug reports alone, they've already identified two major issues that they claimed could never happen. For weeks, they blamed my users, saying they simply weren't doing their jobs.
 

sryan2k1

Ars Legatus Legionis
46,568
Subscriptor++
RicDavis said:
chalex said:
Using a consumer-grade Ethernet switch in the datacenter actually does create a bottleneck. Our 16-port $100 Linksys GigE switch maxes out at ~400Mbits aggregate throughput.

Are you saying the backplane can't actually cope with a single port's bandwidth?

It wouldn't surprise me. It was 100$
 

Soko

Ars Praefectus
4,068
Subscriptor++
sryan2k1 said:
RicDavis said:
chalex said:
Using a consumer-grade Ethernet switch in the datacenter actually does create a bottleneck. Our 16-port $100 Linksys GigE switch maxes out at ~400Mbits aggregate throughput.

Are you saying the backplane can't actually cope with a single port's bandwidth?

It wouldn't surprise me. It was 100$

Unless you had 1GB FiOS, how would you know? For that matter, 400MB is noticeably faster than 100MB, so the average Joe Luser would go "WOW, thet fastar!!!" and be happy.
 

Accs

Ars Legatus Legionis
12,557
Subscriptor
Soko said:
sryan2k1 said:
RicDavis said:
chalex said:
Using a consumer-grade Ethernet switch in the datacenter actually does create a bottleneck. Our 16-port $100 Linksys GigE switch maxes out at ~400Mbits aggregate throughput.
Are you saying the backplane can't actually cope with a single port's bandwidth?
It wouldn't surprise me. It was 100$
Unless you had 1GB FiOS, how would you know?
Sometimes the servers try to communicate with each other at speeds higher than the outgoing Internet connection ;)

I've got a customer with a 24-port 10GBE switch in a facility with a 3Mb/S Internet connection. That 10GBE switch moves a LOT of data.
 
McAfee E-mail Gateway, a supposedly "enterprise" level product, has the following limitations:

Can't be monitored via SNMP
Doesn't do native SMTP load balancing (like every other mail product...ever)
Doesn't have automatic configuration synchronization between devices
Doesn't have automatic configuration backups
Taking a manual configuration backup incurs ~5 minutes of mail flow disruption
Doesn't integrate with AD to authenticate administrative users


Guess how this makes me feel.
 

ronelson

Ars Legatus Legionis
21,399
Subscriptor
McAfee E-mail Gateway, a supposedly "enterprise" level product, has the following limitations:

Can't be monitored via SNMP
Doesn't do native SMTP load balancing (like every other mail product...ever)
Doesn't have automatic configuration synchronization between devices
Doesn't have automatic configuration backups
Taking a manual configuration backup incurs ~5 minutes of mail flow disruption
Doesn't integrate with AD to authenticate administrative users


Guess how this makes me feel.
Ha! You have just glimpsed the tip of the iceberg, my friend. There are a huge number of other problems. For instance, they have modified the network drivers (at least if your model uses the broadcom NICs) such that each interface will respond for ARP and ICMP on both interfaces...but not for TCP/UDP traffic. This means that when you have remote hands migrate a unit, accidentally swap the cables, and then test connectivity, everything looks fine - eth1's address responds on eth0, eth0's address responds on eth1 - but no traffic flows.

You will find a lot more to hate, you are not done yet!
 

Soko

Ars Praefectus
4,068
Subscriptor++
Thank you, ronelson, for reminding me why I need to take one of these

MyNewLART.jpg


to the prog-rammers every now and again.
 
People don't listen.

Me: "We really shouldn't run a totally open recursive name server, fuck ex-customers who still have our IPs hard-coded in their preferences."

Crazy Lady: "Um, what's a recursive name server?"

Me: "... you own an ISP?"

Crazy Lady: <mum for months>

Me: "Why is there 88Mb/s of traffic heading out of one our name servers? That seems excessive."

What a pain in the ass - thankfully whatever botnet is using us to amplify their attacks are leaving a signature that I can see in the logs when I turn off access to anything but our netblocks. That means that over the course of a few hours I can come up with a list of what they keep attacking (over and over and over again) and block it while not making a major customer-visible change over a holiday weekend. Yay.

Still don't have an answer about turning it off on Monday though.
 

Fulgan

Ars Tribunus Angusticlavius
7,534
Subscriptor
What a pain in the ass - thankfully whatever botnet is using us to amplify their attacks are leaving a signature that I can see in the logs when I turn off access to anything but our netblocks. That means that over the course of a few hours I can come up with a list of what they keep attacking (over and over and over again) and block it while not making a major customer-visible change over a holiday weekend. Yay.

I had to deal with that on a DNS server myself. What I had was actually a DNS root amplification plus a bug that caused everyone to be able to request that root (because it was considered as local). I wrote a script to manually blacklist the "source" IP addresses and spent a week talking the software developer into implementing a way to block such requests. They eventually provided the new software.

After this, my IP was still hit with incoming DNS requests for root for month.
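
The log triage described in the two posts above, as an added example that is not part of the original thread: count repeated questions from sources outside the operator's own netblocks, since in a reflection attack the logged "source" is the spoofed address being attacked. The netblocks, the simplified BIND-style line format and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the resolver operator's own netblocks (documentation ranges).
OWN_NETBLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed sample lines in a simplified BIND-style query log format.
SAMPLE_LOG = "\n".join(
    ["client 192.0.2.10#40112: query: www.example.com IN A +",
     "client 198.51.100.20#51514: query: example.org IN MX +",
     "client 203.0.113.50#33001: query: www.example.com IN A +",
     "this line is not a query record"]
    + ["client 203.0.113.7#53: query: . IN NS +E"] * 4
    + ["client 203.0.113.99#80: query: example.net IN ANY +E"] * 3
)

LINE_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def is_own(ip):
    """True if the address belongs to one of the operator's netblocks."""
    return any(ip in net for net in OWN_NETBLOCKS)

def repeated_outside_sources(log_text, threshold=3):
    """Return [((source, qname, qtype), count)] for outside sources seen
    at least `threshold` times with the same question, busiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip anything that is not a query record
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        if is_own(ip):
            continue  # customers are allowed to recurse
        counts[(str(ip), m["qname"].lower(), m["qtype"].upper())] += 1
    hits = [(key, n) for key, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for (src, qname, qtype), n in repeated_outside_sources(SAMPLE_LOG):
        print(f"{n:4d}  {src:15s}  {qtype:4s} {qname}")
```

The single outside query from 203.0.113.50 stays below the threshold, which is how an ex-customer with a hard-coded resolver would look next to the repeated root and ANY questions.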
 

afidel

Ars Legatus Legionis
18,224
Subscriptor
sryan2k1 said:
Still no internet at the new HQ building. Morons. The actual radio carrier (It's WiMax) hasn't enabled the link for service. Guh, this was supposed to be done two weeks ago.
You could get a Cradlepoint and load balance between two 3G/4G connections if you need something fast. We drop shipped them around the country in case of primary broadband outage before we added tethering to all our Blackberry plans.
 

sryan2k1

Ars Legatus Legionis
46,568
Subscriptor++
We have 4 for about 50 users and yesterday was the first day they got used by everyone. I'm not too worried about the bill.


Do not want:
Code:
C:\Users\sryan2k1>ping -a x.x.23.194

Pinging fw1.interface.xxxcorp.com [x.x.23.194] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for x.x.23.194:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 

molo

Ars Legatus Legionis
14,786
Das Schwartz said:
McAfee E-mail Gateway, a supposedly "enterprise" level product, has the following limitations:

Can't be monitored via SNMP
Doesn't do native SMTP load balancing (like every other mail product...ever)
Doesn't have automatic configuration synchronization between devices
Doesn't have automatic configuration backups
Taking a manual configuration backup incurs ~5 minutes of mail flow disruption
Doesn't integrate with AD to authenticate administrative users


Guess how this makes me feel.

One word, my friend. IronPort.

It's expensive as hell, but it's close to perfect.
 

afidel

Ars Legatus Legionis
18,224
Subscriptor
molo said:
Das Schwartz said:
McAfee E-mail Gateway, a supposedly "enterprise" level product, has the following limitations:

Can't be monitored via SNMP
Doesn't do native SMTP load balancing (like every other mail product...ever)
Doesn't have automatic configuration synchronization between devices
Doesn't have automatic configuration backups
Taking a manual configuration backup incurs ~5 minutes of mail flow disruption
Doesn't integrate with AD to authenticate administrative users


Guess how this makes me feel.

One word, my friend. IronPort.

It's expensive as hell, but it's close to perfect.
Amen, other than when a smart spammer pulls our response key from some public mailing list we get near zero spam, and that is rectified in almost no time (4 clicks maybe?). Other than virtualization I'm not sure I've seen a better ROI in IT.
 
molo said:
One word, my friend. IronPort.

It's expensive as hell, but it's close to perfect.

I don't use them, but I'm happy to see that they not only acknowledge that it's built on FreeBSD, but they claim to be contributing code back to the project:

http://www.cisco.com/web/about/doing_bu ... nport.html

Hey, I just learned something. :)
 

Danger Mouse

Ars Legatus Legionis
38,881
Subscriptor
afidel said:
molo said:
Das Schwartz said:
McAfee E-mail Gateway, a supposedly "enterprise" level product, has the following limitations:

Can't be monitored via SNMP
Doesn't do native SMTP load balancing (like every other mail product...ever)
Doesn't have automatic configuration synchronization between devices
Doesn't have automatic configuration backups
Taking a manual configuration backup incurs ~5 minutes of mail flow disruption
Doesn't integrate with AD to authenticate administrative users


Guess how this makes me feel.

One word, my friend. IronPort.

It's expensive as hell, but it's close to perfect.
Amen, other than when a smart spammer pulls our response key from some public mailing list we get near zero spam, and that is rectified in almost no time (4 clicks maybe?). Other than virtualization I'm not sure I've seen a better ROI in IT.

Hahahaha, we have Symantec. I've bitched about it before. It's no longer agonizingly slow on fairly modern hardware with the latest release. It's like they remembered to pull out the debug code or corrected the compile switches :p

Our old SMS for SMTP worked pretty well, until an antispam/anti-virus definition update killed something. Then the AD sync decided to go belly up. I could probably fix that with a reboot that lets me rename the database folder for the AD sync, but that could also kill the app.

GAH.

And to finally install the symantec anti-spam appliance, we need to do some network changes. In order for that to happen, we have to remove our legacy 6509 and switch over everything to our new 6509. Then the old 6509 could go to our mirror site (not really DR, since it's on the same site, but geographically distant somewhat).
 

iBooks

Ars Centurion
274
Subscriptor
PaveHawk- said:
That trying to get licensing details, especially Microsoft licensing details, is an utter mind fuck.

Client bought Open Value Subscription, what do you think the chances are of me working out how to get the order fulfilled in a reasonable time frame is?

I'll give you a hint, it's between zero and fuck all.
We asked our hardware provider to give us a quote for Windows 7 Enterprise, which led into Enterprise Agreements, CAL packages, and Office packs. We said that we'll pay no more than $300/computer, they came back with $600/computer. And it took them 7 weeks to get that overpriced answer too. :mad:
 

chris

Ars Praefectus
4,733
Subscriptor
iBooks said:
PaveHawk- said:
That trying to get licensing details, especially Microsoft licensing details, is an utter mind fuck.

Client bought Open Value Subscription, what do you think the chances are of me working out how to get the order fulfilled in a reasonable time frame is?

I'll give you a hint, it's between zero and fuck all.
We asked our hardware provider to give us a quote for Windows 7 Enterprise, which led into Enterprise Agreements, CAL packages, and Office packs. We said that we'll pay no more than $300/computer, they came back with $600/computer. And it took them 7 weeks to get that overpriced answer too. :mad:

It's amazing how long it takes to get this shit straight isn't it.
 
molo said:
One word, my friend. IronPort.

It's expensive as hell, but it's close to perfect.

This was one of those things where a different department purchases the product and throws it at us, even though we had a perfectly good solution already in place.

We would have gone IronPort had we been given any sort of choice.
 