Archive for June, 2010

Why I was right all along… (via postie)

Monday, June 21st, 2010

Over the last couple of weeks I’ve had a couple of job-search results that have looked rather familiar. These being with a particular spec from a particular agency who were the only agency to deal with this particular company, which is the same as one I interviewed for a few weeks ago, yet didn’t get due to a disagreement in methodology between myself and their Polish ‘Technical Lead’.

Now, over the last weekend, I was having a chat with a couple of the tech guys I know who just happen to work at the hosting centre (‘The Bunker’) at which this company that I’ve ended up not working for have their servers hosted. Now with these guys being proper techies who know what they’re doing, they agreed with my points of why the Eastern European ‘Technical Lead’ was in fact mistaken, with one of them mentioning that the TL is somewhat difficult to deal with and the other suggesting that while our friend from the former eastern bloc may have adequate unix skillz, their methods (like one changing firewall policies without notification because he didn’t like them) may leave something to be desired.

So, what were these disagreements? And why were they mistaken?

* “CentOS is the only operating system of choice because it has a 6-year support life”. You see, I’d been asked which Linux distro I preferred and I said I preferred (personally) Debian, for the way it is engineered. For me, the Red Hat-based distros, although they no longer suffer from ‘dependency hell’ with the addition of yum and their own repositories, still feel somewhat clunky to me. Also that Red Hat encourage the use of their own command-line tools for systems management, whereas the Debian-based distros encourage you to edit config files yourself, thereby giving you the experience of how components are configured and where you should check for errors if some service or component is misbehaving (as opposed to turning something on or off with a curses-based interface).
Also, given that the service life on most new hardware is 3 years, does having an operating system that may be supported for twice that really make that much difference? Ubuntu has 4 years LTS which for me is fine enough. Now, although personally I may prefer Debian/Ubuntu, professionally I would have to say I prefer Solaris, mainly for ZFS and Zones/Containers. I like that it’s solid, proven and well supported. Which brings me on to point 2.

* “Every system should always have the latest updates”. Well yes, in theory that may sound like a perfectly fine statement, yet in reality, for servers you may not want to do that. So during the second hour-long technical test for this job-that-I-didn’t-get I wanted to look up an ssh config parameter, so I logged into a machine that I have which happens to still be running Debian Sarge. Now, some of you may recoil in horror at this, with it being 2 iterations behind current and being relegated to the Debian archive. Yet some of you will understand how sometimes there are situations that preclude the updating of what may be a legacy system due to any number of factors including needing particular versions of libraries, usage of the system which makes it difficult to find a time to upgrade it (say if 4 different teams are required to agree on a time but never can), or needing to plan a migration strategy as upgrading remotely is too much of a risk. In fact the Sun IPXs that I rescued from my last employer (wanted them for a project), were still running Solaris 2.4 at time of their redundancy, which was only around Spring 2009. So the age of a system is not necessarily related to its effectiveness or validity of usage. So from my conversation of last weekend (as long as I remembered this right!) the guys at ‘The Bunker’ have a policy where you only update a system if it has been shown to resolve a known vulnerability and gets signed off (which I’m taking to mean had already been tested elsewhere!). Which for me, being someone who prefers a system to be as stable as possible, makes perfect sense – “If it’s a live system and ain’t broke, then don’t risk f*cking it up!”, unless you can justify the update. Which leaves me with one other point:

* “Every machine should have its own firewall”. Now in isolation, this may seem a perfectly acceptable statement. Which it can be, as long as you have only (eg) 6 machines. Once you get to 60 or 600, then this idea collapses, as do you really want to have to do that much management of a system?.. For me, the correct statement would be “Any network of sufficient size should have its firewalls (as in a failover pair) at the edge of the network where they should be”, accompanied by “Treat any small network as if it were larger, that way you’ve already prepared for it to be scalable”. So what this shows me, is that our ‘friendly’ Technical Lead has obviously never managed a larger system. Otherwise he would think differently.

What I find most depressing is that these people who might be very good at what they do (within a very restrictive set of parameters) get to be in positions of influence because they are able to shout loudly that you should listen to them because they’re the best ever whatever and they believe themselves to be right as they’ve never been wrong. Yet those above are happy to leave them to it because of that self-belief and ability to justify their decisions, however ‘wrong’ they may be in the bigger picture. For someone like me who has, well, more years of experience than I would sometimes like to be reminded of, I know I have the knowledge and wisdom to know not just when to use a particular operating system or service for a particular application, but when NOT to. Which is experience that our friends from the east (be that Europe or especially India) generally don’t have… So while I’m sitting there in some recent interviews being told some complete nonsense, it is somewhat difficult to not speak up and tell this other person, “Hold on, if you stop and look at whatever-this-is from a slightly wider perspective (that you’d only get from more experience), you’d understand how you are in fact talking complete bollocks”, when this other person is the one making the decision…