Peak security
-
This is precisely the problem that deploy-rs solves!
why is everything in rust now
-
Does it actually happen to people? All servers I worked with both had a back door (or two), and someone at the data centre (during work hours at least) you could contact in an emergency.
I guess some smaller companies might have simpler setups they self-host
-
why is everything in rust now
It's easy to write, easy to build, produces lightweight and fast executables, and the type system is great. Why not rust?
-
This is a joke, I didn't really lock myself out
What's really fun is hearing "oh shit" from the UPS maintenance tech followed by darkness and silence.
-
You have a right to pass once you've done this rite of passage.
-
I don't belief it.
Just breath!
-
Does it actually happen to people? All servers I worked with both had a back door (or two), and someone at the data centre (during work hours at least) you could contact in an emergency.
Most data centers have some kind of service where you can request a KVM to be connected to the server. It's not instant, as an actual human has to do so, but it's a lot sooner than another human driving a long distance. I guess in this case, it's a mid-size company that is big enough to have multiple locations yet small enough to still manage to use on-premise infra instead of data centers.
-
This is a joke, I didn't really lock myself out
Even worse. I regularly have to get up out of my chair and go down 2 stairs.
Also this took a while to find, but: https://sourceforge.net/p/shorewall/svn/HEAD/tree/branches/4.2/Samples/one-interface/shorewall.conf
ADMINISABSENTMINDED=Yes
is an actual setting in the config for the (now apparently unmaintained) Shorewall Firewall software/tool for Linux.
If I remember correctly, it always checks on firewall rule changes if there is an active connection on port 22, and adds a special rule at the end to maintain that connection.
They don't build them like they used to anymore.
-
Believe it or not, straight to jail
-
Yes, I also used to run an "on premise" server - in my kitchen, not 500km away. I sometimes might need to admin it remotely, but never critical setup work.
And the meme makes it sound like they have to drive there specifically to fix it, like nobody is actually living nearby.
Well, I have my server running in my parents' basement, because they have fiber, and I don't.
It's not quite a 500km drive, but still a long enough distance for this scenario to be a major inconvenience.
But since I have WireGuard running on their router, this specific scenario is not something that could happen to me.
-
They had a hardware failure but close enough
Would misusing the dd command be considered a hardware failure?
-
Does it actually happen to people? All servers I worked with both had a back door (or two), and someone at the data centre (during work hours at least) you could contact in an emergency.
-
Just breath!
deaths
-
Yes, I also used to run an "on premise" server - in my kitchen, not 500km away. I sometimes might need to admin it remotely, but never critical setup work.
And the meme makes it sound like they have to drive there specifically to fix it, like nobody is actually living nearby.
I mean it's a pretty realistic scenario. I happened to be the unlikely remote hands for the company I work for just a few weeks ago.
Company: an industrial cleaning company with about 1500 AD users and about 8000 employees, historically had 2 corporate offices, currently has three as it's transitioning one corporate office across the country
Server and mistake in question: an old admin who's no longer with the company set up the ESXi 6.0 cluster in the server room at the office without documenting the root password to access it. This cluster happens to host the company's critical services, including AD, so being unable to access the host has been blocking the office migration. The old admin had also not fixed the ESXi backups, which have been broken for over 3 years, so there are no backups to restore from. Also, the out-of-band access to the servers was never correctly set up.
I, happening to be close to this office and having IT experience, was poked to go in and, with physical access, modify the shadow file and set the root password to be blank. Had I not been available, they would have had to fly someone in from the office 2000 miles away or hire a very expensive local contractor to come in after hours to do the same thing.
-
They should have a remote console like Dell RAC or HP iLO
Could be they were configuring the actual network firewall and got a couple of rules out of order so they blocked all of their out of band access
-
This is a joke, I didn't really lock myself out
Almost the same thing happened to me. I accidentally fucked up the internet connection in my home while in Japan, and I had to video call my mom to have her fix it. It was a pain for both of us, but thankfully it went rather smoothly. Thank you mom!
-
Does it actually happen to people? All servers I worked with both had a back door (or two), and someone at the data centre (during work hours at least) you could contact in an emergency.
iptables default DENY and flush the rules. Done by at least two people I know (then me) at the same company. Led to them moving the servers in-house and virtualizing some services to connect to the hypervisor. It does happen though.
-
deaths
deaths nuths
-
This is a joke, I didn't really lock myself out
Before you make a change, do this in a screen-session:
sleep 300 && iptables-restore old_fw_rules.bak
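The rollback timer from the comment above, written out as a script; this is an added example, not part of the original post. It also takes the backup the one-liner assumes already exists and cancels the timer once the change is confirmed. The FW_SAVE/FW_RESTORE override variables, the ask_keep prompt and the new_fw_rules.v4 file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. FW_SAVE / FW_RESTORE are hypothetical override hooks so the
# logic can be exercised without root; they default to the real tools.
FW_SAVE=${FW_SAVE:-iptables-save}
FW_RESTORE=${FW_RESTORE:-iptables-restore}

# Hypothetical confirmation prompt; EOF (a dead session) counts as "no".
ask_keep() { printf 'Keep new rules? [y/N] '; read -r a && [ "$a" = y ]; }

# safe_apply NEW_RULES BACKUP TIMEOUT CONFIRM_CMD
# Returns 0 if the new rules were confirmed and kept, 1 if the old rules
# were put back, 2 if no usable snapshot could be taken (nothing changed).
safe_apply() {
    new_rules=$1; backup=$2; timeout=$3; confirm=$4
    fired="$backup.fired"
    rm -f "$fired"

    # 1. Snapshot the running ruleset first; without it there is no way back.
    $FW_SAVE > "$backup" || return 2
    [ -s "$backup" ] || return 2

    # 2. Arm the rollback before touching anything. Ignoring SIGHUP lets the
    #    timer outlive a dropped SSH session (the job screen does in the post).
    ( trap '' HUP
      sleep "$timeout" && : > "$fired" && $FW_RESTORE < "$backup"
    ) >/dev/null 2>&1 &
    timer=$!

    # 3. Load the new rules, then ask for confirmation over the live session.
    #    A locked-out admin can never answer, so the timer decides for them.
    if $FW_RESTORE < "$new_rules" && $confirm; then
        kill "$timer" 2>/dev/null
        # Timer has not fired: the change is confirmed and stays.
        [ -e "$fired" ] || return 0
    fi

    # 4. Load failed, confirmation refused, or timer already fired: roll back.
    kill "$timer" 2>/dev/null
    $FW_RESTORE < "$backup"
    return 1
}

# Typical use, as root:
#   safe_apply new_fw_rules.v4 old_fw_rules.bak 300 ask_keep
```

The iptables-apply helper that ships with iptables packages the same idea, if it is available on the box.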
-
It's easy to write, easy to build, produces lightweight and fast executables, and the type system is great. Why not rust?
Rust does not have an ABI. Everything is linked into the executables. I would not call them lightweight.