24 February 2009 @ 03:21 pm
The people that run my network  
The people who run the network here love firewalls. They love them. They especially love firewalls that are Cisco firewalls. They have them everywhere. I have two on my desktop connection as we speak. Like little green bricks, they multiply at night, I think. One of the main reasons is the hippie-loving network guru and his crew-cut pal who love to program them. I think they would program firewalls even if we didn't pay them. They love them THAT much.

The head of our network, whom we'll call "Derek," is like a 6-foot-4-inch mutant who towers over everyone, toting FreeBSD wisdom like an unbridled fire of dragon-esque zealotry. He drives one of those VW mini-vans with bathtub flowers stuck over the rust spots. When I came here, I saw him abusing the former network minions of his with some of the most back-handed, passive aggressive comments imaginable, like:

"This is the work of a fool. You're not a fool... are you?"

He went through like... 4 admins and 3 networking guys before he found his current minion, a guy we'll call "Bard." Bard is one of those rabid gun nuts with American flags all over his desk. Clean shaven with a crew-cut, Bard often just starts spouting "America: Love it or Leave it." He thinks the Colbert Report is not a farce, and "Team America" was a documentary (shh, he doesn't know they were puppets).

Derek and Bard seem like an unlikely couple. But Derek's mean streak stems from a sense of loss coming of age during the disco era. In fact, while Derek shows a good face with his small round blue spectacles and hemp headband, behind those bloodshot eyes rages the fevered mind of someone with far too many father abandonment issues. He's one of those people who actually gets meaner and more violent on pot. Bard, on the other hand, is just plain mean. He once kicked a puppy just for snoring too loud. Remember "Chet" from "Weird Science?" Yeah, like that guy.

"So yeah, yeah, Punkie, we get it. They are right bastards. How are they as network admins?"

I'd tell you if I knew. What little I can gather from the cryptic maze of VPNs, SSL certs, and heavily segmented VLANs (and we're talking hundreds of /30 subnets)... I have peered into the abyss of a pair of incredible control freaks. Let me tell you what I have to do just to post this damn entry:

First off, they made DHCP a TCP-only protocol. I don't know why, they just did. Something about not allowing any UDP on their network (or, in their words, "UDP is for fags!"). This makes it impossible to get an IP at boot time, so I have to create an OSDN socket, bind it to localhost, take a "borrowed IP" and connect to the IP database. If someone else is borrowing this IP, I'll get rejected, so often I have to do this several times. Once I connect, an encrypted 2048 byte key exchange goes back and forth for a few minutes between my local database and the remote one. This will assign me another IP which will work for about 35 minutes (less if Derek is running his Counterstrike LAN game), and also populates my host file with the latest entries (no DNS, "UDP is for fags," remember?). Then I have to do an ssh -x to connect my nxmachine client to an xorg session on a Sun server running OpenSolaris that acts as a gateway to "Middle Earth," a network segmented backbone where everything has been named for "Lord of the Rings." Then I VNC from that box to a Windows NT 4.0 box, and rdesktop via 9600 baud modem ("compression is for fags" as well) to "an outer gateway" to a VMWare system where I can use elinks to open a browser to the Internet on an HP9000, assuming the line is not busy. Sometimes I lose my "DHCP lease," and have to start all over.

Derek has a cruel streak that is legendary. Apart from his normal sharp sarcasm and ego-scraping patronization, Derek gives other employees impossible tasks "based on the thing they said that angered me." When someone joked, "Derek can't net hack out of a wet paper sack," Derek actually forced the employee to hack a wet paper bag connected to a Linksys router via a 10baseT cable. The employee, of course, failed ("UDP is for fags," remember?). Derek beat him mercilessly with a cat-o-nine tails fashioned from broken fiber cable and aluminum shards from split conduit pipe. That employee would have been 29 last week, according to his lamenting two children, still locked in our networking cage until his widow pays Derek a bill for the fiber cable.
Disclaimer: I may have made all this up to irritate the guy who snoops our network. "Don't have time to monitor what our employees do," my ass...
punkwalrus (Brain Wash - 25 cents) on February 25th, 2009 11:00 pm (UTC)
So's half the filkers I have met ;)
Agent of Chaos (stormgren) on February 24th, 2009 11:33 pm (UTC)

Oh dear god...

You broke my brain.

Archangel Mychael (praecorloth) on February 24th, 2009 11:53 pm (UTC)
I lol'd. If this isn't on Ars, it should be.
Archangel Mychael (praecorloth) on February 24th, 2009 11:53 pm (UTC)
Whoops. I didn't mean that as a reply to you. Though your comment is funny as well. :)
Wywy on February 25th, 2009 12:23 am (UTC)
Oh lord, that's hilarious. Dilbert meets BOFH!
Ironkite (ironkite) on February 25th, 2009 04:25 am (UTC)
This does not seem too far fetched from our network.

They've been in debate for 9 months on just how to properly set up remote access for people. Lucky for me I use a few careful contacts to bypass the nutcases.
tthtlc on February 25th, 2009 06:01 am (UTC)
why tcp?
"First off, they made DHCP a TCP-only protocol. I don't know why, they just did."...... I thought the answer was standard - TCP provides reliability.... whereas UDP is not reliable?

But I don't understand your problem either.... why do you need to fake a TCP address? A DHCP client just starts with a broadcast address, I thought?

Thanks :-).
punkwalrus on February 26th, 2009 02:27 pm (UTC)
Re: why tcp?
DHCP uses UDP for transport just as BOOTP does, and for the same reasons: simplicity and support for broadcasts. But since "UDP is for fags," Derek filters them out.

Even worse, if you try ANY UDP-based service, like DNS or TFTP, he will collect the packets in a log, print them out, and make you EAT the printout while he watches and tosses apples at your head. And he doesn't print them out on thin paper, either, oh no, he uses quality card stock. My shit was stained with blood for weeks from just one innocent connection with a time server.

bleearg13 on February 26th, 2009 02:04 pm (UTC)
Wow, these network guys sound like total d-bags. If I ever met this 'Derek' person, I would put him in his place by a good tolchok to the noggin. If I were you, I'd respond by telling him Theo De Raadt should be put on trial for war crimes and executed shortly thereafter.

Bard seems a bit better and would likely benefit from taking up a hobby such as collecting dragons, movies about dragons, and anything having to do with dragons. I think dragons are soothing, misunderstood creatures.
punkwalrus on February 26th, 2009 02:16 pm (UTC)
He hates Theo, being a FreeBSD zealot. Theo is a "traitor" or something like that. I try and stay out of his way, but sometimes he gets on these... rampages... where he grits his teeth and storms around the office making random guttural growls. One guy said something that Derek thought was the word "Theo," (I think it was "neato") and he just went APESHIT. He tossed a router through a wall, and we used to have this huge rack of monitors that showed all kinds of valuable information, and he cleaned them out like a hog on a cob of corn. Hardware was -everywhere- and I am still finding shards of CRT glass and phosphorus dust in my hair.

We ALL are.

punkwalrus on February 26th, 2009 02:21 pm (UTC)
Oh and Bard hates dragons. "Faggity-ass lizards" he calls them. I like dragons, they fly and breathe fire, what's not to like? But he thinks they are tools of the devil and un-American.

Seriously, he's back there now, programming 2 more firewalls. He got one of them to play BIOS beeps to the tune of "God Bless America." I didn't even know you could DO that with access_lists.

Fuck, man.