[TriLUG] How not to run a network

William Sutton william at trilug.org
Wed Feb 16 07:22:38 EST 2005


Well, while I certainly agree with you on the subject of hardcoding 
username/password in code (particularly code that is in CVS (and what a 
fight we have had to get people to use CVS!)), I unfortunately have to say 
that the state of the IT procedures is rather stone-aged.  On the servers 
we use (inside the corporate network), telnet and rsh are the options...no 
ssh.  Most of the ftp servers belong to external customers, over which we 
have no control.  The customer wants us to ftp the report, so that's what 
we do.

It was in fact stated at the highest level of UNIX administration that 
LDAP+SSH was not secure enough as currently designed and would bear 
further review if it was to be used (someone please explain that to me) on 
a CVS server, with the option of pserver being held up as the preferred 
way to do things!

**shaking head**

I could go on at further length but all it would be is griping :)

William

On Wed, 16 Feb 2005, Kevin Flanagan wrote:

> Of course they are not very realistic, it appears that they just don't
> understand some basic things.  It doesn't matter about MS, vs. FOSS,
> ignorance will always be there, showing itself for what it is.
> 
> Jeff suggests pointing out their own breaking the rules, that sounds
> good, but also documenting the real business cases where complying with
> their edicts will cause more work, and of course what kinds of resources
> it will take to work around them.
> 
> 
> That said, hard coded username/password pairs inside any job is just
> bad, doing away with that would be one of my priorities, ftp or not.
> sftp with shared keys, scp, etc would be so much better.
> 
> 
> I live with stupid edicts too, move all user home directories to this
> expensive EMC device sitting in a central location, was one.  Never mind
> that it now takes far too long to enumerate my home directory over the
> WAN.  It was on a Windows file server in the same computer room, and it
> was a lot faster.  We spend about a million dollars on it, I don't care
> if it's not as good......
> 
> 
> Kevin
> 
> 
> 
> On Tue, 2005-02-15 at 23:58 -0500, William Sutton wrote:
> 
> > Humm.  I wonder if some of the tech bigwigs at my company have been 
> > reading the same M$ glossies that your .edu friends have been reading.  We 
> > recently had a number of firm and unalterable decrees on the subject of IT 
> > policy sent out, some of which were not particularly well thought out:
> > - no downloading software from the internet (we do all know that the 
> > internet isn't trustworthy, right?  by the way, if I do Perl development 
> > for the company, does that mean my job is now outlawed?)
> > - no installing software unless it comes on a shrinkwrapped CD from a 
> > vendor with whom we have licensed the software (yeah, now how about 
> > running those Microsoft updates that my PC wants me to do?)
> > - no embedded account/password combinations in plaintext in programs 
> > (wait...just about every program we have ftp's a report to a client 
> > somewhere...are they going to allocate time/money/resources to bring the 
> > existing infrastructure into compliance?)
> > - no external IM clients...use the corporate IM server with the corporate 
> > IM client (no file transfer capability)
> > - any files with extensions (it seems) other than .txt or .dat are banned 
> > from email attachments (but you can rename them to .dat if you like...)
> > 
> > **major frustration**
> > 
> > This isn't even just about blaming virii for everything.  This is about 
> > people (dare I say, microserfs?) who believe that anything that can't be 
> > administered with a few mouse clicks is somehow black magic, and suspect 
> > at that, and the fact that they admin with a few mouse clicks somehow 
> > confers upon them wisdom and knowledge equal to their perceived admin 
> > power.
> > 
> > It seems that while Microsoft has succeeded in dumbing down the system 
> > administration process on their servers, that a correlating trend has been 
> > overlooked:  the dumbing down of Microsoft admins.
> > 
> > Is there a solution for this sort of ignorance?
> > 
> > William
> 
> 


