YourHuckleberry

I'm a generalist SysAdmin. I use Linux when necessary or convenient. I find that when I need to upgrade a specific solution it's often easier to just spin up an entirely new instance and start from scratch. Is this normal or am I doing it wrong? For instance, this morning I'm looking at a Linux VM whose only task is to run Acme.sh to update an SSL cert. I'm currently upgrading the release. When this is done I'll need to upgrade acme.sh. I expect some kind of failure that will require several hours to troubleshoot, at which point I'll give up and start from scratch. I'm wondering if this is my ignorance of Linux or common practice?

They hired a new hotshot engineering manager (the kind that makes physical things). He hates the engineering software we run. I don't blame him, it's crap software. He constantly complains about how slow it its. He's right again. Crap Software Vendor says it's my platform that makes their software slow and buggy. I'm willing to make any changes they recommend, but they've got nothing. They're like, "it runs fine in our test env." So hotshot goes rogue and signs contracts to move engineering to a cloud platform that he used at his old job. I wasn't brought in until after the ink dried.

New vendor sends me a link, login, and password via email. I go to the link. It's fucking remote desktop gateway. Open to the internet. The password isn't a temp, that's my permanent unchangeable password. This is how they handle user access control. No MFA. Nothing between the screaming void and our data but IIS and an AD password.

So I start pissing in the tent. I tell everyone this is unacceptable security for our IP. Vendor acknowledges that their security is insufficient and lays out their roadmap to fix it, hopefully by the end of year(I'm holding my breath). I ask if we can just run the software ourselves.

I have a convo with our CEO who usually listens to my advice. He asks if we can just host the new software on our platform (the one that already has MFA and a whole lot of other security measures). I say, "That's exactly what I was thinking." So, CEO email in hand I go back to the group and tell them to make preparations to move the implementation to our platform.

Hotshot starts bitching and moaning about how he doesn't want another slow app. A data analyst chimes in with her two cents out of fucking nowhere. I'm not even sure why she's on the email chain. I'm about two seconds away from going Joe Pesci on these goombas.

What the fuck guys? Who cares if the app is slower on our platform (not that it necessarily will be)? What good is a fast app that's insecure? How fast is it gonna be when it's ransomwared to hell? It'll be nice that the app is fast when BianLian is downloading all our designs so they can extort us.

"Well they're a big company and they haven't gotten hacked yet?" Thanks for that Captain Smith, but I know a fucking iceberg when I see one.